-
Bug
-
Resolution: Done-Errata
-
Undefined
-
rhel-9.6, rhel-10.0
-
None
-
sscg-3.0.0-10.el9
-
No
-
Moderate
-
rhel-stacks-web-servers
-
25
-
26
-
3
-
False
-
False
-
-
None
-
None
-
Pass
-
Enabled
-
New Test Coverage
-
Unspecified
-
Unspecified
-
Unspecified
-
-
All
-
None
What were you trying to do that didn't work?
Run `sscg --subject-alt-name=IP:192.168.0.1` to create a certificate valid only for a system running at that IP address.
What is the impact of this issue to you?
The command invocation fails with:
Invalid name constraint: permitted;DNS:localhost, permitted;IP:192.168.0.1, permitted;DNS:localhost
ERROR: Invalid argument
Please provide the package NVR for which the bug is seen:
sscg-3.0.5-11.el10
sscg-3.0.0-9.el10
How reproducible is this bug?:
Every time
Steps to reproduce
- sscg --subject-alt-name=IP:192.168.0.1
Expected results
An x509 certificate is created that is valid only for a server running at 192.168.0.1 and a CA certificate that is permitted to sign certificates for that IP address. (Verify with openssl x509 -in <cert> -text)
Actual results
Invalid name constraint: permitted;DNS:localhost, permitted;IP:192.168.0.1, permitted;DNS:localhost
ERROR: Invalid argument
- links to
-
RHBA-2025:148451
sscg bug fix and enhancement update