Fix to ipa-ca-install asking for host principal password

With a ca_cert_file specified in options, the nss_db was used before the
certificates from the file were added to it, which caused an exception
that led to fallback to ssh which is broken.

https://fedorahosted.org/freeipa/ticket/5965

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
This commit is contained in:
Stanislav Laznicka 2016-06-22 16:08:49 +02:00 committed by Martin Basti
parent 06d945a046
commit 0db48e4d04

View File

@ -462,10 +462,6 @@ def main():
nss_dir = paths.IPA_NSSDB_DIR
with certdb.NSSDatabase(nss_dir) as nss_db:
api.bootstrap(context='client', xmlrpc_uri=xmlrpc_uri,
nss_dir=nss_db.secdir)
api.finalize()
if options.ca_cert_file:
nss_dir = nss_db.secdir
@ -483,6 +479,9 @@ def main():
else:
nss_dir = None
api.bootstrap(context='client', xmlrpc_uri=xmlrpc_uri,
nss_dir=nss_db.secdir)
api.finalize()
try:
api.Backend.rpcclient.connect()
api.Command.ping()