Modify ↓
Ticket #1069 (closed defect: fixed)
SSLCA hangs calling openssl.
| Reported by: | J davis <[email protected]…> | Owned by: | desai |
|---|---|---|---|
| Priority: | major | Milestone: | Bcfg2 1.2.0 Release |
| Component: | bcfg2-client | Version: | 1.0 |
| Keywords: | Cc: |
Description
When generating a client certificate SSLCA calls openssl in such a way that it will not return and causes a read timeout on the server.
The following diff against git commit a6cb404ac205e47210de1fa1f07f11571182c18c seems to fix the issue for me.
diff --git a/src/lib/Server/Plugins/SSLCA.py b/src/lib/Server/Plugins/SSLCA.py
index 6bd4b06..5a517cc 100644
--- a/src/lib/Server/Plugins/SSLCA.py
+++ b/src/lib/Server/Plugins/SSLCA.py
@@ -271,5 +271,5 @@ class SSLCA(Bcfg2.Server.Plugin.GroupSpool):
key = self.data + key_filename
cmd = ["openssl", "req", "-new", "-config", req_config,
"-days", days, "-key", key, "-text", "-out", req]
- res = Popen(cmd, shell=True, stdout=PIPE).stdout.read()
+ res = Popen(cmd, shell=False, stdout=PIPE).stdout.read()
return req
Attachments
Change History
comment:1 Changed 11 years ago by J davis <[email protected]…>
comment:2 Changed 11 years ago by solj
- Status changed from new to closed
- Resolution set to fixed
Applied in 3afe69fc3b405ef6922ba6006e0ef140efebd737. Thanks for the patch!
comment:3 Changed 11 years ago by solj
Correct commit is e1d4d4e1deda05a503d4b79258e6a6cdbed9fea9.
Note: See
TracTickets for help on using
tickets.
Here's an alternate diff as suggested by solj.
diff --git a/src/lib/Server/Plugins/SSLCA.py b/src/lib/Server/Plugins/SSLCA.py index 6bd4b06..7b4a08a 100644 --- a/src/lib/Server/Plugins/SSLCA.py +++ b/src/lib/Server/Plugins/SSLCA.py @@ -271,5 +271,5 @@ class SSLCA(Bcfg2.Server.Plugin.GroupSpool): key = self.data + key_filename cmd = ["openssl", "req", "-new", "-config", req_config, "-days", days, "-key", key, "-text", "-out", req] - res = Popen(cmd, shell=True, stdout=PIPE).stdout.read() + res = Popen(cmd, stdout=PIPE).stdout.read() return req