Ticket #1069 (closed defect: fixed)

Opened 10 years ago

Last modified 10 years ago

SSLCA hangs calling openssl.

Reported by: J davis <jake.davis@…>
Owned by: desai
Priority: major
Milestone: Bcfg2 1.2.0 Release
Component: bcfg2-client
Version: 1.0
Keywords:
Cc:

Description

When generating a client certificate SSLCA calls openssl in such a way that it will not return and causes a read timeout on the server.

The following diff against git commit a6cb404ac205e47210de1fa1f07f11571182c18c seems to fix the issue for me.

diff --git a/src/lib/Server/Plugins/SSLCA.py b/src/lib/Server/Plugins/SSLCA.py
index 6bd4b06..5a517cc 100644
--- a/src/lib/Server/Plugins/SSLCA.py
+++ b/src/lib/Server/Plugins/SSLCA.py
@@ -271,5 +271,5 @@ class SSLCA(Bcfg2.Server.Plugin.GroupSpool):
         key = self.data + key_filename
         cmd = ["openssl", "req", "-new", "-config", req_config,
                "-days", days, "-key", key, "-text", "-out", req]
-        res = Popen(cmd, shell=True, stdout=PIPE).stdout.read()
+        res = Popen(cmd, shell=False, stdout=PIPE).stdout.read()
         return req
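
Review bot: On the added `Popen(cmd, shell=False, stdout=PIPE)` line, `shell=False` is already the default for `Popen`, so the keyword can be dropped. The real fix is that `cmd` is an argument list: on POSIX a list combined with `shell=True` makes only the first element (`openssl`) the shell command and passes the remaining elements to the shell itself, so openssl starts with no arguments and waits on stdin. A short comment saying that `cmd` must stay a list and must never be run through a shell would keep this from regressing, and would also keep `req_config`, `key` and `req` from ever being interpreted by a shell.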

Change History

comment:1 Changed 10 years ago by J davis <jake.davis@…>

Here's an alternate diff as suggested by solj.

diff --git a/src/lib/Server/Plugins/SSLCA.py b/src/lib/Server/Plugins/SSLCA.py
index 6bd4b06..7b4a08a 100644
--- a/src/lib/Server/Plugins/SSLCA.py
+++ b/src/lib/Server/Plugins/SSLCA.py
@@ -271,5 +271,5 @@ class SSLCA(Bcfg2.Server.Plugin.GroupSpool):
         key = self.data + key_filename
         cmd = ["openssl", "req", "-new", "-config", req_config,
                "-days", days, "-key", key, "-text", "-out", req]
-        res = Popen(cmd, shell=True, stdout=PIPE).stdout.read()
+        res = Popen(cmd, stdout=PIPE).stdout.read()
         return req
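
Review bot: The added `Popen(cmd, stdout=PIPE).stdout.read()` line still ignores the outcome of openssl: `res` is never used, the exit status is never checked, and `return req` hands back the request path even when openssl failed and the file was not written. Consider keeping the process object, calling `communicate()` on it, and logging or raising when `returncode` is non-zero. stdin is also still inherited from the server process, so redirecting it (for example to a closed pipe or the null device) would make openssl fail fast instead of blocking if it ever prompts for input.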

comment:2 Changed 10 years ago by solj

  • Status changed from new to closed
  • Resolution set to fixed

Applied in 3afe69fc3b405ef6922ba6006e0ef140efebd737. Thanks for the patch!

comment:3 Changed 10 years ago by solj
