URL: https://github.com/SSSD/sssd/pull/5918
Title: #5918: Client ca validation error

martinpitt commented:
"""
@ikerexxe : Sorry for the delay, holidays came in between. I finally tested the 
COPR at last, and it works great now:
```
[root@x0 ~]# busctl call org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users org.freedesktop.sssd.infopipe.Users FindByValidCertificate s -- "$(cat /var/tmp/alice.pem)"
o "/org/freedesktop/sssd/infopipe/Users/cockpit_2elan/200400001"

[root@x0 ~]# mv /etc/sssd/pki/sssd_auth_ca_db.pem{,.disabled}
[root@x0 ~]# busctl call org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users org.freedesktop.sssd.infopipe.Users FindByValidCertificate s -- "$(cat /var/tmp/alice.pem)"
Call failed: Certificate authority file not found

[root@x0 ~]# echo > /etc/sssd/pki/sssd_auth_ca_db.pem
[root@x0 ~]# busctl call org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users org.freedesktop.sssd.infopipe.Users FindByValidCertificate s -- "$(cat /var/tmp/alice.pem)"
Call failed: 1432158296: Invalid certificate provided
```

The reply details in `busctl monitor` for the second call:

```
‣ Type=error  Endian=l  Flags=1  Version=1 Cookie=23  ReplyCookie=2  Timestamp="Tue 2022-01-04 10:37:40.619498 UTC"
  Sender=:1.56  Destination=:1.101
  ErrorName=sbus.Error.NoCA  ErrorMessage="Certificate authority file not found"
  UniqueName=:1.56
  MESSAGE "s" {
          STRING "Certificate authority file not found";
  };
```

So, perfect :+1: Thank you, and happy new year!

"""

See the full comment at https://github.com/SSSD/sssd/pull/5918#issuecomment-1004699015