PKI Tidy deletes all certificates when safety_buffer is higher than 9223372036 #4641

Closed
smedefind opened this issue May 25, 2018 · 0 comments
Labels
internal Mark for internal discussion/implementation

Describe the bug
When you pass tidy a safety_buffer that is higher than int64 when converted to nanoseconds, the tidy job will delete every certificate in the cert store.

To Reproduce

# /opt/vault write pki/issue/role common_name=username ttl=31557600
# /opt/vault list pki/certs
Keys
----
68-21-c2-42-47-5d-f9-c3-7a-73-fc-f3-c0-54-3e-ec-98-4d-a6-a8
# /opt/vault read -format json pki/cert/68-21-c2-42-47-5d-f9-c3-7a-73-fc-f3-c0-54-3e-ec-98-4d-a6-a8 | jq -r .data.certificate | openssl x509 -noout -text | grep Not\ After\ :
            Not After : May 26 00:59:11 2019 GMT
# /opt/vault write /pki/tidy tidy_cert_store=true safety_buffer='9223372036'
Success! Data written to: pki/tidy
# /opt/vault list pki/certs
Keys
----
68-21-c2-42-47-5d-f9-c3-7a-73-fc-f3-c0-54-3e-ec-98-4d-a6-a8
# /opt/vault write /pki/tidy tidy_cert_store=true safety_buffer='9223372037'
Success! Data written to: pki/tidy
# /opt/vault list pki/certs
No value found at pki/certs/

Expected behavior
Tidy should never delete unexpired certificates.

Environment:

  • Vault Server Version (retrieve with vault status): 0.10.0
  • Vault CLI Version (retrieve with vault version): Vault v0.10.0 ('5dd7f25f5c4b541f2da62d70075b6f82771a650d')
  • Server Operating System/Architecture: LX Zone on Triton/Joyent
@jefferai jefferai modified the milestone: 0.10.2 May 26, 2018
@jefferai jefferai added the internal Mark for internal discussion/implementation label May 28, 2018
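
The overflow reported above, as an added example that is not part of the original issue and is not Vault's code. It assumes the safety_buffer value in seconds is converted to a Go time.Duration (int64 nanoseconds) and that a certificate is tidied once the current time is past Not After plus the buffer. The function names are hypothetical, and the "now" timestamp is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"time"
)

var errBufferRange = errors.New("safety_buffer out of range")

// naiveBuffer is the assumed conversion: seconds * time.Second.
// The int64 multiplication wraps silently when seconds > 9223372036.
func naiveBuffer(seconds int64) time.Duration {
	return time.Duration(seconds) * time.Second
}

// checkedBuffer rejects negative values and values whose nanosecond
// representation does not fit in an int64.
func checkedBuffer(seconds int64) (time.Duration, error) {
	if seconds < 0 || seconds > math.MaxInt64/int64(time.Second) {
		return 0, errBufferRange
	}
	return time.Duration(seconds) * time.Second, nil
}

// shouldTidy reports whether a certificate is eligible for removal:
// only when now is later than notAfter + buffer (assumed comparison).
func shouldTidy(now, notAfter time.Time, buffer time.Duration) bool {
	return now.After(notAfter.Add(buffer))
}

func main() {
	now := time.Date(2018, 5, 25, 0, 0, 0, 0, time.UTC)        // constructed
	notAfter := time.Date(2019, 5, 26, 0, 59, 11, 0, time.UTC) // from the report
	for _, s := range []int64{9223372036, 9223372037} {
		b := naiveBuffer(s)
		_, err := checkedBuffer(s)
		fmt.Printf("safety_buffer=%d naive=%d ns tidy=%v checked_err=%v\n",
			s, int64(b), shouldTidy(now, notAfter, b), err)
	}
}
```

With 9223372037 the wrapped duration is negative, so Not After plus the buffer lands centuries in the past and the unexpired certificate qualifies for deletion; the range check turns that input into an error instead.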