CertDB: add API for non-destructive initialization from PKCS#12 bundle
The `create_from_pkcs12` method of CertDB was re-creating the NSS database files during PKCS#12 bundle import. This could reset the file permissions to wrong values and cause subtle bugs. Modify the class API so that the server cert chain can be imported while preserving existing FS attributes. https://fedorahosted.org/freeipa/ticket/6429 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
parent
7279ef1d0f
commit
2fdc2d0cb7
@ -588,6 +588,14 @@ class CertDB(object):
|
||||
self.create_noise_file()
|
||||
self.create_passwd_file(passwd)
|
||||
self.create_certdbs()
|
||||
self.init_from_pkcs12(
|
||||
pkcs12_fname,
|
||||
pkcs12_passwd,
|
||||
ca_file=ca_file,
|
||||
trust_flags=trust_flags)
|
||||
|
||||
def init_from_pkcs12(self, pkcs12_fname, pkcs12_passwd,
|
||||
ca_file=None, trust_flags=None):
|
||||
self.import_pkcs12(pkcs12_fname, pkcs12_passwd)
|
||||
server_certs = self.find_server_certs()
|
||||
if len(server_certs) == 0:
|
||||
|
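Review bot: The new `init_from_pkcs12` has no docstring stating its precondition: unlike `create_from_pkcs12`, which calls `create_passwd_file` and `create_certdbs` before delegating, it goes straight to `self.import_pkcs12(pkcs12_fname, pkcs12_passwd)`, so it presumably requires an NSS database and password file that already exist. Since the point of the commit is to keep existing file-system attributes intact, that contract is worth writing down, e.g. `"""Import the server cert chain from a PKCS#12 bundle into the existing NSS database without re-creating its files."""`, together with a sentence saying that the caller remains responsible for the database's ownership and mode. It may also be worth failing early with a clear error when the database is absent instead of relying on whatever `import_pkcs12` raises; the method body continues outside the hunk, so this cannot be confirmed from the visible lines.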