Actions
Bug #23635
closed
Agent Pre-established trust not working with Rudder 8.0 agent RHEL 7 on CentOS 7
Pull Request:
Severity:
Major - prevents use of part of Rudder | no simple workaround
UX impact:
User visibility:
Getting started - demo | first install | Technique editor and level 1 Techniques
Effort required:
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:
No
Description
Trying to establish pre-trust between a Rudder 8.0 server on RHEL 8 and a Rudder 8.0 agent for RHEL 7 on CentOS 7 doesn't work.
Server Rudder 8.0, Alma 8:
# rudder agent info
Key/Certificate
Key hash: MD5=1ab3d58f439c2c15f8334f2a22ae30c2
Key hash: sha256//+FBk7T9iR8YlBGw5hg99FMuow5cdLBTh5t+pdl9+CC4=
Cert. fingerprint: BE:2D:47:D9:2A:1B:45:29:3D:A9:2C:E8:68:88:F2:E1:25:65:D4:35
Key pinning: full
Agent Rudder 8.0, Alma 8:
# rudder agent policy-server -t sha256//+FBk7T9iR8YlBGw5hg99FMuow5cdLBTh5t+pdl9+CC4= 192.168.61.7 writing RSA key
Agent Rudder 8.0, CentOS 7:
# rudder agent policy-server -t sha256//+FBk7T9iR8YlBGw5hg99FMuow5cdLBTh5t+pdl9+CC4= 192.168.61.7 unable to load certificate 139852637140880:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: TRUSTED CERTIFICATE unable to load certificate 140569274202000:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: TRUSTED CERTIFICATE unable to load Public Key error: Provided key sha256//+FBk7T9iR8YlBGw5hg99FMuow5cdLBTh5t+pdl9+CC4= doesn't match server key sha256//47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=
Updated by Alexis Mousset about 1 year ago
sha256//47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= is the hash of an empty string. Something is likely broken in the certificate extraction.
Updated by Alexis Mousset about 1 year ago
The root cause is that we only embed the openssl lib but not the binary. The system openssl binary is not compatible with our model, and fail to fetch the certificate.
Updated by Benoît PECCATTE about 1 year ago
- Status changed from New to In progress
- Assignee set to Benoît PECCATTE
Updated by Benoît PECCATTE about 1 year ago
- Status changed from In progress to Pending technical review
- Assignee changed from Benoît PECCATTE to Alexis Mousset
- Pull Request set to https://github.com/Normation/rudder-packages/pull/2832
Updated by Benoît PECCATTE about 1 year ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder-packages|24c4ae0a6f4df074ed089ffdebf7789fa84d904f.
Updated by Alexis Mousset about 1 year ago
- Fix check changed from To do to Checked
Updated by Vincent MEMBRÉ about 1 year ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 8.0.1 which was released today.
Updated by Alexis Mousset 10 months ago
- Related to Bug #24019: Embed openssl cli on 7.3 added
Actions