-
Bug
-
Resolution: Done-Errata
-
Undefined
-
None
-
None
-
None
-
None
-
sst_idm_cs
-
ssg_idm
-
None
-
Dev ack
-
False
-
-
No
-
None
-
None
-
None
-
Unspecified Release Note Type - Unknown
-
-
Unspecified
-
Unspecified
-
None
Description of problem:
PrettyPrintCert on rhel7.* - rhel9.* does not properly translate the AIA information into a readable format. OpenSSL and the pp tool both do this properly.
$ PrettyPrintCert test.cer
Certificate:
Data:
Version: v3
Serial Number: 0xE
Signature Algorithm: SHA1withRSA - 1.2.840.113549.1.1.5
Issuer: CN=Certificate Authority, O=UsersysRedhat Domain
Validity:
Not Before: Friday, March 7, 2008 at 6:47:46 PM Eastern Standard Time America/New_York
Not After: Wednesday, September 3, 2008 at 7:47:46 PM Eastern Daylight Time America/New_York
Subject: CN=ipa-pki-demo.usersys.redhat.com, DC=redhat, DC=com
Subject Public Key Info:
Algorithm: RSA - 1.2.840.113549.1.1.1
Public Key:
Exponent: 65537
Public Key Modulus: (1024 bits) :
DA:4F:12:D5:83:3F:9A:A3:98:03:B0:C4:BF:F8:CB:47:
58:64:06:47:1C:49:C7:B1:47:FB:8F:98:1D:7B:A0:29:
49:0F:C9:2F:0B:84:49:62:C1:53:6E:AC:E1:42:8C:7D:
A5:93:BE:F3:78:80:1E:DC:1E:B4:7D:D1:E9:27:8A:D5:
3A:E1:1E:70:3D:88:CA:EA:8C:18:B7:74:B1:BE:02:66:
34:59:52:85:C0:8E:F6:7E:62:26:CB:70:0F:C8:3A:5E:
C6:E5:4E:00:CB:2A:56:BC:5C:69:C6:5C:E5:47:76:0A:
7C:AA:21:5D:C0:C7:15:52:90:38:C1:C5:F6:7C:DE:69
Extensions:
Identifier: Authority Key Identifier - 2.5.29.35
Critical: no
Key Identifier:
1D:0F:59:41:12:A0:F1:56:BE:3C:D7:1D:71:47:F2:96:
BD:ED:61:2D
Identifier: 1.3.6.1.5.5.7.1.1
Critical: no
Value:
30:41:30:3F:06:08:2B:06:01:05:05:07:30:01:86:33:
68:74:74:70:3A:2F:2F:69:70:61:2D:70:6B:69:2D:64:
65:6D:6F:2E:75:73:65:72:73:79:73:2E:72:65:64:68:
61:74:2E:63:6F:6D:3A:39:30:38:30:2F:63:61:2F:6F:
63:73:70
Identifier: Key Usage: - 2.5.29.15
Critical: yes
Key Usage:
Digital Signature
Non Repudiation
Key Encipherment
Data Encipherment
Identifier: Extended Key Usage: - 2.5.29.37
Critical: no
Extended Key Usage:
1.3.6.1.5.5.7.3.1
Signature:
Algorithm: SHA1withRSA - 1.2.840.113549.1.1.5
Signature:
2F:D4:4F:A8:E0:43:26:A8:F6:31:11:CC:7B:D4:64:59:
84:64:00:44:D2:56:BB:81:4F:51:3D:C6:6C:27:A9:32:
97:3F:0E:DB:B6:EA:6D:72:E5:12:AA:E5:9E:2F:04:AF:
43:52:80:B2:FD:04:D7:00:F2:88:60:42:4D:D2:31:1B:
DB:32:08:A2:39:F9:F6:98:9E:C7:49:34:B1:C1:91:1C:
B4:80:CE:64:CA:7D:18:02:27:DE:C9:C7:04:83:A1:19:
64:06:C4:FB:96:41:81:FE:59:B7:31:63:F3:DD:19:BA:
A1:E2:E5:F4:D6:D5:51:50:C5:8E:2E:5F:35:CA:25:B1:
9F:B1:CD:55:5C:54:AD:EB:4D:D6:E5:AF:A9:45:F8:54:
89:FD:05:8C:33:57:A4:DA:97:FD:17:EF:A9:59:E4:29:
DA:EC:70:1C:75:D1:2C:AE:D0:19:EF:85:86:16:86:43:
01:8A:AE:BD:61:C6:64:8D:90:03:2A:94:1F:8C:CD:5A:
E6:BF:4D:79:D1:BC:CC:2B:6A:E3:E9:61:6C:D6:31:DD:
8F:4C:F2:A5:21:8F:BD:DC:75:7F:76:AA:A0:CE:39:67:
34:1B:03:3D:3C:F7:CA:F6:F2:7D:E7:5F:21:4E:0B:C7:
65:A4:7A:22:39:EB:2B:40:89:BF:DD:C9:60:46:31:B8
FingerPrint
MD2:
22:4E:8B:CC:9F:DA:45:FC:3D:F0:ED:AC:81:44:13:40
MD5:
E8:BB:81:05:EB:26:8A:6C:75:E6:3C:D5:63:96:55:6E
SHA-1:
A6:79:AF:63:ED:94:AD:0C:F2:0A:FE:8A:82:FB:F1:C4:
8E:B5:2F:E8
SHA-256:
A8:93:5A:C8:FD:5F:0B:AF:A1:2C:92:A7:F5:F0:81:02:
A2:70:40:E4:21:88:73:3D:66:4D:36:AA:8D:84:BB:CE
SHA-512:
06:28:29:38:EC:92:A9:10:C7:10:79:35:4F:4F:02:8B:
9C:38:9D:30:B3:A0:15:2C:30:58:7D:13:7E:A4:9C:1E:
F9:C5:34:2B:66:95:6E:F4:63:74:DB:ED:BD:EC:3F:2E:
E0:85:B7:E6:81:C2:CC:8D:73:AD:1F:D7:FA:91:7A:B0
Version-Release number of selected component (if applicable):
pki-core all versions
How reproducible:
Very
Steps to Reproduce:
1. Install pki-tools
2. Run PrettyPrintCert against a certificate with AIA information
Actual results:
The Value field should be translated. Below is from PrettyPrintCert
Identifier: 1.3.6.1.5.5.7.1.1
Critical: no
Value:
30:41:30:3F:06:08:2B:06:01:05:05:07:30:01:86:33:
68:74:74:70:3A:2F:2F:69:70:61:2D:70:6B:69:2D:64:
65:6D:6F:2E:75:73:65:72:73:79:73:2E:72:65:64:68:
61:74:2E:63:6F:6D:3A:39:30:38:30:2F:63:61:2F:6F:
63:73:70
Below is from openssl
X509v3 Authority Key Identifier:
1D:0F:59:41:12:A0:F1:56:BE:3C:D7:1D:71:47:F2:96:BD:ED:61:2D
Authority Information Access:
OCSP - URI:http://ipa-pki-demo.usersys.redhat.com:9080/ca/ocsp
Expected results:
X509v3 Authority Key Identifier:
1D:0F:59:41:12:A0:F1:56:BE:3C:D7:1D:71:47:F2:96:BD:ED:61:2D
Authority Information Access:
OCSP - URI:http://ipa-pki-demo.usersys.redhat.com:9080/ca/ocsp
Additional info:
- account is impacted by
-
RHEL-26881 Fix additional OID mappings [RHEL 7.9.z]
- Closed
- clones
-
RHEL-23935 JSS - PrettyPrintCert does not properly translate AIA information into a readable format [RHEL 7.9.z]
- Closed
- links to
-
RHSA-2024:130945 pki-core bug fix update