
agent won't start on IPv6 network

Open kkaarreell opened this issue 11 months ago • 1 comments

Distro: F39 Arch: x86_64 Version: current upstream 2ca4b08

IPv6-related tests are failing in the keylime-tests project. https://artifacts.dev.testing-farm.io/7a7a50d9-4b3f-49cd-8f94-b5b7f982df0e/

Agent fails to start with

```
DEBUG keylime_agent               > Generating new key pair
DEBUG keylime_agent               > Generating new mTLS certificate
Error: Crypto(X509BuilderError { message: "failed to build Subject Alternative Name", source: ErrorStack([]) })
```

This is most likely caused by the recent change https://github.com/keylime/rust-keylime/pull/744. Unfortunately, we are not currently running IPv6 tests in the rust-keylime project.

kkaarreell avatar Mar 18 '24 09:03 kkaarreell

This is related to https://github.com/keylime/rust-keylime/issues/583

The certificate builder fails to set the Subject Alternative Name because the contact_ip in the configuration file is set with square brackets [] when using IPv6, which makes the parser fail.

The correct way to fix this is to not require the address to be set with brackets when using IPv6, meaning implementing the feature from #583.

The test with IPv6 should be included in the CI as well.

ansasaki avatar Mar 20 '24 13:03 ansasaki
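
The failure mode described in the comment above, as an added example that is not part of the issue thread and is not rust-keylime's code or the change in #765. It uses the standard library `IpAddr` parser as a stand-in for the certificate builder's parser (an assumption); the function names `parse_contact_ip` and `host_port` and the sample values are hypothetical.

```rust
use std::net::IpAddr;

/// Hypothetical helper (not rust-keylime code): accept an IP from a config
/// file written either bare ("::1") or bracketed ("[::1]").
pub fn parse_contact_ip(raw: &str) -> Result<IpAddr, String> {
    let s = raw.trim();
    let opens = s.starts_with('[');
    let closes = s.ends_with(']');
    if opens != closes {
        return Err(format!("unbalanced brackets in address: {raw}"));
    }
    // '[' and ']' are single-byte ASCII, so byte slicing is safe here.
    let inner = if opens { &s[1..s.len() - 1] } else { s };
    let ip: IpAddr = inner
        .parse()
        .map_err(|e| format!("invalid IP address {raw:?}: {e}"))?;
    // Brackets are only meaningful around IPv6 literals.
    if opens && ip.is_ipv4() {
        return Err(format!("brackets around IPv4 address: {raw}"));
    }
    Ok(ip)
}

/// Brackets belong in the host:port form used for URLs and sockets,
/// not in the bare address placed in a certificate's IP SAN.
pub fn host_port(ip: IpAddr, port: u16) -> String {
    match ip {
        IpAddr::V4(v4) => format!("{v4}:{port}"),
        IpAddr::V6(v6) => format!("[{v6}]:{port}"),
    }
}

fn main() {
    // Constructed sample values, as they might appear in a config file.
    // The port is an arbitrary sample value.
    for raw in ["127.0.0.1", "::1", "[::1]", "[2001:db8::10]", "[::1", "[127.0.0.1]"] {
        match parse_contact_ip(raw) {
            Ok(ip) => println!("{raw:>16} -> SAN IP {ip}, URL host {}", host_port(ip, 9002)),
            Err(e) => println!("{raw:>16} -> rejected: {e}"),
        }
    }
}
```
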

This should be fixed by #765

This is still open because there is no test running on the CI to verify that it works as expected with IPv6

ansasaki avatar Jul 04 '24 09:07 ansasaki

> This should be fixed by #765
>
> This is still open because there is no test running on the CI to verify that it works as expected with IPv6

I can confirm that. In keylime-tests repository we are running the IPv6 container test and it is passing with IPv6 addresses enclosed with square brackets. In addition, I have prepared a test PR https://github.com/RedHat-SP-Security/keylime-tests/pull/593 removing those square brackets and the IPv6 container test still passes (ran on C10S and F40). Therefore, I consider this issue successfully fixed.

kkaarreell avatar Jul 04 '24 19:07 kkaarreell

Thank you for the confirmation! I'm closing this

ansasaki avatar Jul 05 '24 07:07 ansasaki