From 1f30cc65276a532e7288217f216b72a2b0628c8f Mon Sep 17 00:00:00 2001 From: Florence Blanc-Renaud Date: Thu, 27 Apr 2023 18:42:36 +0200 Subject: [PATCH] cert_find: fix call with --all When ipa cert-find --all is called, the function prints the certificate public bytes. The code recently switched to OpenSSL.crypto and the objects OpenSSL.crypto.X509 do not have the method public_bytes(). Use to_cryptography() to transform into a cryptography.x509.Certificate before calling public_bytes(). Related: https://pagure.io/freeipa/issue/9331 Signed-off-by: Florence Blanc-Renaud Reviewed-By: Rob Crittenden --- ipaserver/plugins/cert.py | 1 + 1 file changed, 1 insertion(+) diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index 61dfde5fe..400b1b3ce 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -1827,6 +1827,7 @@ class cert_find(Search, CertMethod): # For the case of CA-less we need to keep # the certificate because getting it again later # would require unnecessary LDAP searches. + cert = cert.to_cryptography() obj['certificate'] = ( base64.b64encode( cert.public_bytes(x509.Encoding.DER))