APIC CA Cert Validation failing when running on 6.0.7 or 6.1.1 code #171

Open
cody-skidmore opened this issue Oct 5, 2024 · 0 comments
Labels
bug Something isn't working


When running the 2.2.1 script against an APIC running 6.0.7e or 6.1.1f, the following is seen:

[Check 57/67] APIC CA Cert Validation...
openssl cmd issue, send logs to TAC                                                      ERROR !!

It seems that when calling the /bin/openssl on these versions, we get a symbol lookup error:

/bin/openssl: symbol lookup error: /bin/openssl: undefined symbol: Camellia_set_key, version OPENSSL_1_1_0

Removing the /bin/ path on the openssl command allows the checks to run on this version. The need is to determine if the path is required on earlier versions of ACI for this check or if it should just be omitted. Additional verbosity for the error message would also be helpful.

From:

        # Generate csr for certreq
        cmd = '/bin/openssl genrsa -out ' + key_pem + ' 2048'
        cmd = cmd + ' && /bin/openssl req -config ' + cert_gen_filename + ' -new -key ' + key_pem + ' -out ' + csr_pem
        cmd = cmd + ' && /bin/openssl dgst -sha256 -hmac ' + passphrase + ' -out ' + sign + ' ' + csr_pem
        logging.debug('cmd = '+''.join(cmd))
        genrsa_proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, shell=True)
        genrsa_proc.communicate()[0].strip()
        if genrsa_proc.returncode != 0:
            print_result(title, ERROR, 'openssl cmd issue, send logs to TAC')
            return ERROR

To:

        # Generate csr for certreq
        cmd = 'openssl genrsa -out ' + key_pem + ' 2048'
        cmd = cmd + ' && openssl req -config ' + cert_gen_filename + ' -new -key ' + key_pem + ' -out ' + csr_pem
        cmd = cmd + ' && openssl dgst -sha256 -hmac ' + passphrase + ' -out ' + sign + ' ' + csr_pem
        logging.debug('cmd = '+''.join(cmd))
        genrsa_proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, shell=True)
        genrsa_proc.communicate()[0].strip()
        if genrsa_proc.returncode != 0:
            print_result(title, ERROR, 'openssl cmd issue, send logs to TAC')
            return ERROR 
@cody-skidmore cody-skidmore added the bug Something isn't working label Oct 5, 2024
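
An added sketch, not code from the script or its maintainers, of one way to cover both points raised in the issue: it tries `/bin/openssl` first and falls back to a `PATH` lookup, runs the same three commands as argument lists instead of one shell string, and returns the captured openssl output so the real failure can be printed. It is written for Python 3; the function names, the candidate order and the `paths` dict are assumptions.

```python
import subprocess

# Assumption: try the hard-coded path from the issue first, then a PATH lookup.
# The PATH fallback trusts the caller's PATH, so the absolute path stays first.
OPENSSL_CANDIDATES = ("/bin/openssl", "openssl")


def csr_steps(openssl, key_pem, cert_gen_filename, csr_pem, sign, passphrase):
    """The three commands from the issue as argv lists, so no shell parses them."""
    return [
        [openssl, "genrsa", "-out", key_pem, "2048"],
        [openssl, "req", "-config", cert_gen_filename, "-new",
         "-key", key_pem, "-out", csr_pem],
        [openssl, "dgst", "-sha256", "-hmac", passphrase, "-out", sign, csr_pem],
    ]


def run_steps(steps, run=subprocess.run):
    """Run steps in order, stopping at the first failure (like `&&`).

    Returns (ok, detail). detail holds the binary, the subcommand and the
    captured output; the -hmac passphrase in argv is not copied into it.
    """
    for argv in steps:
        label = " ".join(argv[:2])
        try:
            proc = run(argv, stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
                       universal_newlines=True)
        except OSError as exc:  # binary missing or not executable
            return False, "%s: %s" % (label, exc)
        if proc.returncode != 0:
            return False, "%s: rc=%d: %s" % (label, proc.returncode,
                                             proc.stdout.strip())
    return True, ""


def generate_csr(paths, passphrase, candidates=OPENSSL_CANDIDATES,
                 run=subprocess.run):
    """Try each openssl candidate; return (binary or None, list of failures)."""
    failures = []
    for openssl in candidates:
        steps = csr_steps(openssl, passphrase=passphrase, **paths)
        ok, detail = run_steps(steps, run)
        if ok:
            return openssl, failures
        failures.append(detail)
    return None, failures
```

The `failures` list can be appended to the `print_result` message, so the symbol lookup error itself is shown instead of only "openssl cmd issue, send logs to TAC".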