IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix certificate management with service-mod

Browse Source 
Adding or removing certificates from a service via --addattr or
--delattr is broken.  Get certificates from entry_attrs instead of
options.

https://fedorahosted.org/freeipa/ticket/4238

Reviewed-By: Martin Basti <mbasti@redhat.com>
This commit is contained in:
Fraser Tweedale 2015-06-03 02:49:28 -04:00 committed by Jan Cholasta
parent b6924c00ab
commit 62e9867114
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ipalib/plugins/service.py
View File

@ -598,7 +598,7 @@ class service_mod(LDAPUpdate):
(service, hostname, realm) = split_principal(keys[-1]) (service, hostname, realm) = split_principal(keys[-1])
# verify certificates # verify certificates
certs = options.get('usercertificate') or [] certs = entry_attrs.get('usercertificate') or []
certs_der = map(x509.normalize_certificate, certs) certs_der = map(x509.normalize_certificate, certs)
for dercert in certs_der: for dercert in certs_der:
x509.verify_cert_subject(ldap, hostname, dercert) x509.verify_cert_subject(ldap, hostname, dercert)