IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix certificate retrieval in ipa-replica-prepare for DL0

Browse Source 
The NSSDatabase object doesn't know the format of an NSS database
until the database is created so an explcit call to nssdb.create_db.

https://pagure.io/freeipa/issue/7469

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
This commit is contained in:
Rob Crittenden 2018-03-27 16:59:55 -04:00 committed by Felipe Barreto
parent 880d9b4134
commit 573f13228d
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ipaserver/install/certs.py
View File

@ -569,8 +569,16 @@ class CertDB(object):
]) ])
def create_from_cacert(self): def create_from_cacert(self):
"""
Ensure that a CA chain is in the NSS database.
If an NSS database already exists ensure that the CA chain
we want to load is in there and if not add it. If there is no
database then create an NSS database and load the CA chain.
"""
cacert_fname = paths.IPA_CA_CRT cacert_fname = paths.IPA_CA_CRT
if os.path.isfile(self.certdb_fname):
if self.nssdb.exists():
# We already have a cert db, see if it is for the same CA. # We already have a cert db, see if it is for the same CA.
# If it is we leave things as they are. # If it is we leave things as they are.
with open(cacert_fname, "r") as f: with open(cacert_fname, "r") as f: