[Bug 1968259] [NEW] [UBUNTU 22.04] check_hostkeydoc is checking the certificate issuer too strictly (s390-tools)
Launchpad Bug Tracker
1968259 at bugs.launchpad.net
Fri Apr 8 06:38:51 UTC 2022
You have been subscribed to a public bug:
== Comment: #0 - Viktor Mihajlovski <MIHAJLOV at de.ibm.com> - 2022-04-07 09:16:49 ==
The s390-tools script check_hostkeydoc can be used to perform the verification of the chain of trust for Secure Execution host key documents.
The certificate verification is however too strict and doesn't match the checking performed by genprotimg.
Affected is the OU field in the issuer DN of the host key document. As a consequence, verification failures will occur for host key documents issued for newer hardware generations like IBM z16.
== Comment: #1 - Viktor Mihajlovski <MIHAJLOV at de.ibm.com> - 2022-04-07 09:18:08 ==
Fixed by:
https://github.com/ibm-s390-linux/s390-tools
commit 673ff375d939d3cde674f8f99a62d456f8b1673d
Author: Viktor Mihajlovski <mihajlov at linux.ibm.com>
Date: Tue Mar 15 12:55:02 2022 +0100
genprotimg/check_hostkeydoc: relax default issuer check
** Affects: s390-tools (Ubuntu)
Importance: Undecided
Assignee: Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage)
Status: New
** Tags: architecture-all bugnameltc-197551 severity-high targetmilestone-inin---
--
[UBUNTU 22.04] check_hostkeydoc is checking the certificate issuer too strictly (s390-tools)
https://bugs.launchpad.net/bugs/1968259
You received this bug notification because you are a member of Ubuntu Foundations Bugs, which is subscribed to s390-tools in Ubuntu.
More information about the foundations-bugs
mailing list