Guarantee that SerialFileGenerator starts at 2 #18713

Merged
merged 1 commit into from
Feb 24, 2018


enj
Contributor

@enj enj commented Feb 22, 2018

This change makes it so that SerialFileGenerator never returns a value less than 2 for a call to Next. This guarantees that certificates generated using it do not have a serial number that conflicts with the CA's serial number of 1. This behavior was lost in 266aa46.

Signed-off-by: Monis Khan [email protected]

/kind bug
/assign @liggitt

Supersedes #18710

@openshift/sig-security
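
As an added illustration of the guarantee described in this pull request (this is not the code from the PR or from OpenShift): a minimal file-backed serial generator in Go whose `Next` never returns less than 2, even when the serial file is missing or holds 0 or 1. The names `serialFile` and `openSerialFile`, the single hex-integer file format, and the convention that the file stores the last issued serial are assumptions made for the example.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"strings"
)

const caSerial = 1 // serial the PR says the CA certificate uses

// serialFile is a hypothetical generator, not OpenShift's SerialFileGenerator.
type serialFile struct {
	path string
	last int64 // highest serial already in use
}

// openSerialFile loads the last issued serial (assumed format: one hex integer).
func openSerialFile(path string) (*serialFile, error) {
	s := &serialFile{path: path, last: caSerial}
	data, err := os.ReadFile(path)
	if os.IsNotExist(err) {
		return s, nil // fresh CA: only serial 1 is taken
	} else if err != nil {
		return nil, err
	}
	n, err := strconv.ParseInt(strings.TrimSpace(string(data)), 16, 64)
	if err != nil {
		return nil, fmt.Errorf("corrupt serial file %s: %w", path, err)
	}
	if n > caSerial { // a stored 0, 1 or negative value must not lower the floor
		s.last = n
	}
	return s, nil
}

// Next returns a serial >= 2 and records it in the file. The counter advances
// even if the write fails, so a serial is never handed out twice in one process.
func (s *serialFile) Next() (int64, error) {
	s.last++
	return s.last, os.WriteFile(s.path, []byte(fmt.Sprintf("%X\n", s.last)), 0600)
}

func main() {
	g, err := openSerialFile(os.TempDir() + "/example-serial.txt")
	if err == nil {
		fmt.Println(g.Next())
	}
}
```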

@openshift-ci-robot openshift-ci-robot added kind/bug Categorizes issue or PR as related to a bug. sig/security labels Feb 22, 2018
@openshift-ci-robot openshift-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Feb 22, 2018
@enj
Contributor Author

enj commented Feb 22, 2018

/retest

@simo5
Contributor

simo5 commented Feb 22, 2018

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Feb 22, 2018
@mrogers950
Contributor

/lgtm

@openshift-ci-robot

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: enj, mrogers950, simo5

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@enj
Contributor Author

enj commented Feb 22, 2018

/retest

@openshift-bot
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@enj
Contributor Author

enj commented Feb 22, 2018

/retest

@enj
Contributor Author

enj commented Feb 23, 2018

/retest

@richm

richm commented Feb 23, 2018

/retest

@richm

richm commented Feb 23, 2018

gcp test failure:

failed: [35.227.68.241] (item=PyYAML) => {"attempts": 2, "changed": false, "item": "PyYAML", "msg": "Failure talking to yum: File /var/cache/yum/x86_64/7Server/epel/metalink.xml does not exist"}

@smarterclayton
Contributor

If the batch fails I'll direct merge

@openshift-merge-robot
Contributor

/test all [submit-queue is verifying that this PR is safe to merge]

@openshift-merge-robot
Contributor

Automatic merge from submit-queue.

@nmav

nmav commented Mar 2, 2018

+1, a serial number of zero is illegal. According to rfc5280:
"CAs MUST force the serialNumber to be a non-negative integer."

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/bug Categorizes issue or PR as related to a bug. lgtm Indicates that a PR is ready to be merged. queue/critical-fix sig/security size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

10 participants