Skip to content

pfpki: PKI templates can be modified by a SCEP request #6751

New issue
New issue
Closed
#6767
Closed
pfpki: PKI templates can be modified by a SCEP request#6751
#6767
Assignees
fdurand
Labels
Priority: HighType: Bug
Milestone
+1 (patch release)
@nqb

Description

@nqb
nqb
opened on Dec 8, 2021

Describe the bug
If you create a PKI template with values for following fields : organisation, organisational_unit, country, state, locality, ocsp_url. Values of these fields (in PKI template) are removed when you request a certificate through SCEP using this PKI template.

User certificates doesn't contain these values too.

Has been noticed on 11.0.0, can be replicate on devel.

To Reproduce
Steps to reproduce the behavior:

  1. Create a CA
  2. Create a PKI template with values for organisation, organisational_unit, country, state, locality, ocsp_url (with SCEP enabled)
  3. Request a certificate through SCEP
  4. Look value of fields for PKI template

=> They have been removed

  1. Look value of fields for user certificate

=> Values are not here

Expected behavior

  • PKI template should not be updated by a SCEP request
  • User certificate should contain values of PKI template

Additional context
There is no specific error in logs.

Metadata

Metadata

Assignees

Labels

Priority: HighType: Bug

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions