From 7a86ff5d9bf5d9bf0f5970298addcd5b0f21d728 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slaznick@redhat.com>
Date: Fri, 25 Aug 2017 10:35:08 +1000
Subject: [PATCH] Fix cert file creation during CA-less installation

When writing extracted certs and keys to the file, we opened the
same file at a different spot but the original file position
indicator would not be moved when the certificate is written there.
The result is that the certificate gets rewritten by the private
key.  This commit fixes it.

Fixes: https://pagure.io/freeipa/issue/7118
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
---
 ipapython/certdb.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ipapython/certdb.py b/ipapython/certdb.py
index 87f559591..92da7829a 100644
--- a/ipapython/certdb.py
+++ b/ipapython/certdb.py
@@ -581,7 +581,8 @@ class NSSDatabase(object):
         if extracted_key:
             with tempfile.NamedTemporaryFile() as in_file, \
                     tempfile.NamedTemporaryFile() as out_file:
-                x509.write_certificate_list(extracted_certs, in_file.name)
+                for cert in extracted_certs:
+                    in_file.write(cert.public_bytes(x509.Encoding.PEM))
                 in_file.write(extracted_key)
                 in_file.flush()
                 out_password = ipautil.ipa_generate_password()