snakeoil certificates do not have a CN set
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
edk2 (Ubuntu) |
Fix Released
|
Low
|
dann frazier |
Bug Description
There is no CN on the snakeoil PkKek certificate shipped by OVMF package.
That is probably not technically a bug, but is uncommon.
$ openssl x509 -noout -subject -in /usr/share/
subject=C = US, ST = Colorado, L = Fort Collins, O = SnakeOil
It causes stacktrace of 'virt-fw-vars' from virt-firmware python package.
$ virt-fw-vars -i /usr/share/
INFO: reading edk2 varstore from /usr/share/
INFO: var store range: 0x64 -> 0x40000
Traceback (most recent call last):
File "/home/
sys.
File "/home/
sigdb.
File "/home/
siglist.
File "/home/
cn = self.x509.
IndexError: list index out of range
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: ovmf 2022.02-
ProcVersionSign
Uname: Linux 5.19.0-41-generic x86_64
NonfreeKernelMo
ApportVersion: 2.20.11-0ubuntu82.4
Architecture: amd64
CasperMD5CheckR
CurrentDesktop: ubuntu:GNOME
Date: Wed May 17 13:16:17 2023
Dependencies:
InstallationDate: Installed on 2020-01-15 (1217 days ago)
InstallationMedia: Ubuntu 18.04.3 LTS "Bionic Beaver" - Release amd64 (20190805)
PackageArchitec
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
XDG_RUNTIME_
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: edk2
UpgradeStatus: Upgraded to jammy on 2020-04-17 (1125 days ago)
Changed in edk2 (Ubuntu): | |
assignee: | nobody → dann frazier (dannf) |
PR to fix this in virt-firmware at https:/ /gitlab. com/kraxel/ virt-firmware/ -/merge_ requests/ 3