Revision b9667a02

« Previous | Next »

Added by Evgeni Golov 15 days ago

ID b9667a02bebf6cce0b96fbd631ce34fb27c325ec
Parent d7e8d4e9
Child 91651c55

Fixes #37384 - properly pass fips=false when checking keystore

In a FIPS-enabled environment, calling `keytool -list` with a wrong
password doesn't yield an error, unless we also pass `fips=false` like
we do when creating the keystore:

keytool -list -keystore ./store -storepass wrong-password
Keystore type: PKCS11
Keystore provider: SunPKCS11-NSS-FIPS

Your keystore contains 0 entries

Passing `fips=false` makes it correctly raise the expected exception:

keytool -list -keystore ./store -storepass wrong-password -J-Dcom.redhat.fips=false
keytool error: java.io.IOException: keystore password was incorrect

Fixes: 6fea0bbb4143ca439cff01bf9f0e54cf88140d10

Changes
View differences

added
modified
copied
renamed
deleted

lib
- puppet_x
  - certs
    - provider
      - keystore.rb (diff)

Project

General

Profile

Foreman » Installer

Revision b9667a02

Added by Evgeni Golov 15 days ago

Project

General

Profile

Foreman » Installer

Revision b9667a02

Added by Evgeni Golov 15 days ago

Related issues