[Freeipa-devel] [patch 0038-0040] Sub CA test patches
Milan Kubík
mkubik at redhat.com
Thu Jul 7 13:46:52 UTC 2016
On 07/04/2016 08:57 AM, Fraser Tweedale wrote:
> Hi Milan,
>
> Yes, we can :) Two issues, outlined below.
>
>
> 1)
> Running the tests, I get error in
> test_create_subca_with_subject_conflict cleanup::
>
> ____________ ERROR at teardown of TestCAbasicCRUD.test_create_subca_with_subject_conflict _____________
>
> def cleanup():
> created = self.exists
> try:
> del_command()
>
> <snip>
> E NotFound: crud-subca-2: Certificate Authority not found
>
>
> I do not know testing framework very well but it looks like
> track_create() sets 'self.exists = True' before the create command
> throws the (expected) DuplicateEntry error. (These are called from
> create() in the tracker 'base' class). Later, cleanup() catches a
> NotFound but re-throws it because it believes the entry should have
> existed.
>
>
> 2)
> the usercert.conf.tmpl does not like a subject base with spaces in
> it, i.e. if 'openssl req' config template gets formatted like:
>
> [ dn ]
> commonName = "alice"
> o=IPA.LOCAL 201606201330
>
> then 'openssl req' fails with nasty error like:
>
> 140644791924600:error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first num too large:a_object.c:108:
> 140644791924600:error:0B083077:x509 certificate routines:X509_NAME_ENTRY_create_by_txt:invalid field name:x509name.c:295:name=o
>
> and CalledProcessError gets raised and the test fails.
>
> Simplest solution is to simply remove the '{ipacertbase}' from the
> template, because AFAIK it is not needed and parsing and formatting
> the certbase (which could have multiple AVAs) is more complex than
> the test calls for, IMO.
>
>
> Thanks,
> Fraser
Hi, thanks.
I must have missed the first issue after I removed the expected fail
marker. I have fixed it now.
As for the usercert template, this code is older than the issues at
hand. I do not remember why exactly I used that
option in the openssl config. I have removed that in a new patch.
--
Milan Kubik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkubik-0038-2-ipatests-Tracker-implementation-for-Sub-CA-feature.patch
Type: text/x-patch
Size: 11842 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160707/8aac5fc8/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkubik-0039-2-ipatests-Extend-CAACL-suite-to-cover-Sub-CA-members.patch
Type: text/x-patch
Size: 6442 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160707/8aac5fc8/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkubik-0040-2-ipatests-Test-Sub-CA-with-CAACL-and-certificate-prof.patch
Type: text/x-patch
Size: 6341 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160707/8aac5fc8/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkubik-0041-ipatests-remove-ipacertbase-option-from-test-CSR-con.patch
Type: text/x-patch
Size: 1919 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160707/8aac5fc8/attachment-0003.bin>
More information about the Freeipa-devel
mailing list