IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

certdb: add named trust flag constants

Browse Source 
Add named constants for common trust flag combinations.

Use the named constants instead of trust flags strings in the code.

https://pagure.io/freeipa/issue/6831

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
This commit is contained in:
Jan Cholasta
2017-04-27 09:33:25 +02:00
committed by Martin Basti
parent a0566ed9ce
commit 235265a5f5
12 changed files with 44 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ipaserver/install/server/upgrade.py
View File

@@ -1389,7 +1389,7 @@ def fix_trust_flags():
nickname = certdb.get_ca_nickname(api.env.realm)
cert = db.get_cert_from_db(nickname)
if cert:
db.trust_root_cert(nickname, 'CT,C,C')
db.trust_root_cert(nickname, certdb.IPA_CA_TRUST_FLAGS)
sysupgrade.set_upgrade_state('http', 'fix_trust_flags', True)
@@ -1407,7 +1407,7 @@ def fix_server_cert_trust_flags():
sc_nickname = installutils.get_directive(paths.HTTPD_NSS_CONF,
"NSSNickname")
# Add trust flag which set certificate trusted for SSL connections.
db.trust_root_cert(sc_nickname, "P,,")
db.trust_root_cert(sc_nickname, certdb.TRUSTED_PEER_TRUST_FLAGS)
sysupgrade.set_upgrade_state('http', 'fix_serv_cert_trust_flags', True)