IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix invalid issuer in unit tests

Browse Source 
Fix several test failures when issuer does not match the one
generated by make-testcert (CN=Certificate Authority,O=<realm>).

https://fedorahosted.org/freeipa/ticket/1527
This commit is contained in:
Martin Kosek
2011-07-27 11:02:00 +02:00
committed by Rob Crittenden
parent 1b09ca53a2
commit 18aa73e06e
4 changed files with 14 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
ipalib/x509.py
View File

@@ -45,6 +45,10 @@ from ipalib import errors
PEM = 0
DER = 1
def valid_issuer(issuer, realm):
return issuer in ('CN=%s Certificate Authority' % realm,
'CN=Certificate Authority,O=%s' % realm,)
def strip_header(pem):
"""
Remove the header and footer from a certificate.
@@ -187,8 +191,7 @@ def verify_cert_subject(ldap, hostname, dercert):
issuer = str(nsscert.issuer)
# Handle both supported forms of issuer, from selfsign and dogtag.
if ((issuer != 'CN=%s Certificate Authority' % api.env.realm) and
(issuer != 'CN=Certificate Authority,O=%s' % api.env.realm)):
if (not valid_issuer(issuer, api.env.realm)):
raise errors.CertificateOperationError(error=_('Issuer "%(issuer)s" does not match the expected issuer') % \
{'issuer' : issuer})