Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-24339

pki-core - PrettyPrintCert does not properly translate AIA information into a readable format [RHEL 7.9.z]

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Undefined Undefined
    • rhel-7.9.z
    • None
    • pki-core
    • None
    • None
    • None
    • sst_idm_cs
    • ssg_idm
    • None
    • Dev ack
    • False
    • Hide

      None

      Show
      None
    • No
    • None
    • Unspecified Release Note Type - Unknown
    • Unspecified
    • Unspecified
    • None

      Description of problem:
      PrettyPrintCert on rhel7.* - rhel9.* does not properly translate the AIA information into a readable format. OpenSSL and the pp tool both do this properly.

      $ PrettyPrintCert test.cer
      Certificate:
      Data:
      Version: v3
      Serial Number: 0xE
      Signature Algorithm: SHA1withRSA - 1.2.840.113549.1.1.5
      Issuer: CN=Certificate Authority, O=UsersysRedhat Domain
      Validity:
      Not Before: Friday, March 7, 2008 at 6:47:46 PM Eastern Standard Time America/New_York
      Not After: Wednesday, September 3, 2008 at 7:47:46 PM Eastern Daylight Time America/New_York
      Subject: CN=ipa-pki-demo.usersys.redhat.com, DC=redhat, DC=com
      Subject Public Key Info:
      Algorithm: RSA - 1.2.840.113549.1.1.1
      Public Key:
      Exponent: 65537
      Public Key Modulus: (1024 bits) :
      DA:4F:12:D5:83:3F:9A:A3:98:03:B0:C4:BF:F8:CB:47:
      58:64:06:47:1C:49:C7:B1:47:FB:8F:98:1D:7B:A0:29:
      49:0F:C9:2F:0B:84:49:62:C1:53:6E:AC:E1:42:8C:7D:
      A5:93:BE:F3:78:80:1E:DC:1E:B4:7D:D1:E9:27:8A:D5:
      3A:E1:1E:70:3D:88:CA:EA:8C:18:B7:74:B1:BE:02:66:
      34:59:52:85:C0:8E:F6:7E:62:26:CB:70:0F:C8:3A:5E:
      C6:E5:4E:00:CB:2A:56:BC:5C:69:C6:5C:E5:47:76:0A:
      7C:AA:21:5D:C0:C7:15:52:90:38:C1:C5:F6:7C:DE:69
      Extensions:
      Identifier: Authority Key Identifier - 2.5.29.35
      Critical: no
      Key Identifier:
      1D:0F:59:41:12:A0:F1:56:BE:3C:D7:1D:71:47:F2:96:
      BD:ED:61:2D
      Identifier: 1.3.6.1.5.5.7.1.1
      Critical: no
      Value:
      30:41:30:3F:06:08:2B:06:01:05:05:07:30:01:86:33:
      68:74:74:70:3A:2F:2F:69:70:61:2D:70:6B:69:2D:64:
      65:6D:6F:2E:75:73:65:72:73:79:73:2E:72:65:64:68:
      61:74:2E:63:6F:6D:3A:39:30:38:30:2F:63:61:2F:6F:
      63:73:70
      Identifier: Key Usage: - 2.5.29.15
      Critical: yes
      Key Usage:
      Digital Signature
      Non Repudiation
      Key Encipherment
      Data Encipherment
      Identifier: Extended Key Usage: - 2.5.29.37
      Critical: no
      Extended Key Usage:
      1.3.6.1.5.5.7.3.1
      Signature:
      Algorithm: SHA1withRSA - 1.2.840.113549.1.1.5
      Signature:
      2F:D4:4F:A8:E0:43:26:A8:F6:31:11:CC:7B:D4:64:59:
      84:64:00:44:D2:56:BB:81:4F:51:3D:C6:6C:27:A9:32:
      97:3F:0E:DB:B6:EA:6D:72:E5:12:AA:E5:9E:2F:04:AF:
      43:52:80:B2:FD:04:D7:00:F2:88:60:42:4D:D2:31:1B:
      DB:32:08:A2:39:F9:F6:98:9E:C7:49:34:B1:C1:91:1C:
      B4:80:CE:64:CA:7D:18:02:27:DE:C9:C7:04:83:A1:19:
      64:06:C4:FB:96:41:81:FE:59:B7:31:63:F3:DD:19:BA:
      A1:E2:E5:F4:D6:D5:51:50:C5:8E:2E:5F:35:CA:25:B1:
      9F:B1:CD:55:5C:54:AD:EB:4D:D6:E5:AF:A9:45:F8:54:
      89:FD:05:8C:33:57:A4:DA:97:FD:17:EF:A9:59:E4:29:
      DA:EC:70:1C:75:D1:2C:AE:D0:19:EF:85:86:16:86:43:
      01:8A:AE:BD:61:C6:64:8D:90:03:2A:94:1F:8C:CD:5A:
      E6:BF:4D:79:D1:BC:CC:2B:6A:E3:E9:61:6C:D6:31:DD:
      8F:4C:F2:A5:21:8F:BD:DC:75:7F:76:AA:A0:CE:39:67:
      34:1B:03:3D:3C:F7:CA:F6:F2:7D:E7:5F:21:4E:0B:C7:
      65:A4:7A:22:39:EB:2B:40:89:BF:DD:C9:60:46:31:B8
      FingerPrint
      MD2:
      22:4E:8B:CC:9F:DA:45:FC:3D:F0:ED:AC:81:44:13:40
      MD5:
      E8:BB:81:05:EB:26:8A:6C:75:E6:3C:D5:63:96:55:6E
      SHA-1:
      A6:79:AF:63:ED:94:AD:0C:F2:0A:FE:8A:82:FB:F1:C4:
      8E:B5:2F:E8
      SHA-256:
      A8:93:5A:C8:FD:5F:0B:AF:A1:2C:92:A7:F5:F0:81:02:
      A2:70:40:E4:21:88:73:3D:66:4D:36:AA:8D:84:BB:CE
      SHA-512:
      06:28:29:38:EC:92:A9:10:C7:10:79:35:4F:4F:02:8B:
      9C:38:9D:30:B3:A0:15:2C:30:58:7D:13:7E:A4:9C:1E:
      F9:C5:34:2B:66:95:6E:F4:63:74:DB:ED:BD:EC:3F:2E:
      E0:85:B7:E6:81:C2:CC:8D:73:AD:1F:D7:FA:91:7A:B0

      Version-Release number of selected component (if applicable):
      pki-core all versions

      How reproducible:
      Very

      Steps to Reproduce:
      1. Install pki-tools
      2. Run PrettyPrintCert against a certificate with AIA information

      Actual results:
      The Value field should be translated. Below is from PrettyPrintCert

      Identifier: 1.3.6.1.5.5.7.1.1
      Critical: no
      Value:
      30:41:30:3F:06:08:2B:06:01:05:05:07:30:01:86:33:
      68:74:74:70:3A:2F:2F:69:70:61:2D:70:6B:69:2D:64:
      65:6D:6F:2E:75:73:65:72:73:79:73:2E:72:65:64:68:
      61:74:2E:63:6F:6D:3A:39:30:38:30:2F:63:61:2F:6F:
      63:73:70

      Below is from openssl

      X509v3 Authority Key Identifier:
      1D:0F:59:41:12:A0:F1:56:BE:3C:D7:1D:71:47:F2:96:BD:ED:61:2D
      Authority Information Access:
      OCSP - URI:http://ipa-pki-demo.usersys.redhat.com:9080/ca/ocsp

      Expected results:

      X509v3 Authority Key Identifier:
      1D:0F:59:41:12:A0:F1:56:BE:3C:D7:1D:71:47:F2:96:BD:ED:61:2D
      Authority Information Access:
      OCSP - URI:http://ipa-pki-demo.usersys.redhat.com:9080/ca/ocsp

      Additional info:

              rh-ee-mfargett Marco Fargetta
              rhn-support-czinda Chris Zinda
              RHCS Maintenance RHCS Maintenance
              no-user-match-found no-user-match-found
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: