Bug #20199: node certificate is not validated when using create node api and it breaks everything - Rudder - Issue Tracker

Actions

Copy link

Bug #20199

open

node certificate is not validated when using create node api and it breaks everything

Added by Nicolas CHARLES over 3 years ago. Updated over 1 year ago.

Status:

New

Priority:

N/A

Assignee:

Category:

API

Target version:

Pull Request:

Severity:

UX impact:

User visibility:

Effort required:

Priority:

Name check:

To do

Fix check:

To do

Regression:

Description

creating a node with an invalid certificate breaks generation & rudder-relayd reload

[2021-10-26 15:24:55+0200] ERROR com.normation.rudder.services.policies.WriteNodeCertificatesPemImpl - Unexpected: Error when executing reload command '/opt/rudder/bin/rudder relay reload -p' after writing node certificates file. Command output: code: 1
stdout: error: Could not reload relayd configuration
{"result":"error","action":"reloadConfiguration","errorDetails":"OpenSSL error"}

stderr: 
[2021-10-26 15:24:55+0200] ERROR policy.generation - Error when trying to get the CFEngine-MD5 digest for certificate of node 'my.node.hostname.local' (378740d3-c4a9-4474-8485-478e7e52db52) <- CryptoEx: Key '-----BEGIN CERTIFICATE-----
----BEGIN CERTIFICATE---- ....
-----END CERTIFICATE-----' cannot be parsed as a valid certificate; root exception was: unable to decode base64 string: invalid characters encountered in base64 data
[2021-10-26 15:24:55+0200] INFO  application - Configured authentication provider(s): [rootAdmin, file]
[2021-10-26 15:24:55+0200] ERROR policy.generation - Error when trying to get the sha-256 digest of Certificate for node 'my.node.hostname.local' (378740d3-c4a9-4474-8485-478e7e52db52): CryptoEx: Key '-----BEGIN CERTIFICATE-----
----BEGIN CERTIFICATE---- ....
-----END CERTIFICATE-----' cannot be parsed as a valid certificate; root exception was: unable to decode base64 string: invalid characters encountered in base64 data

happens in 7.0 but also certainly in 6.2