IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Normalize external CA cert before passing it to pkispawn

Browse Source 
https://fedorahosted.org/freeipa/ticket/4019

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
This commit is contained in:
Jan Cholasta
2014-08-29 13:35:45 +02:00
committed by Petr Viktorin
parent 8aa01e24a1
commit 93346b1cf9
1 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
ipaserver/install/cainstance.py
View File

@@ -534,6 +534,11 @@ class CAInstance(DogtagInstance):
config.set("CA", "pki_external_csr_path", self.csr_file)
elif self.external == 2:
cert = x509.load_certificate_from_file(self.cert_file)
cert_file = tempfile.NamedTemporaryFile()
x509.write_certificate(cert.der_data, cert_file.name)
cert_file.flush()
cert_chain, stderr, rc = ipautil.run(
[paths.OPENSSL, 'crl2pkcs7',
'-certfile', self.cert_chain_file,
@@ -546,7 +551,7 @@ class CAInstance(DogtagInstance):
cert_chain_file = ipautil.write_tmp_file(cert_chain)
config.set("CA", "pki_external", "True")
config.set("CA", "pki_external_ca_cert_path", self.cert_file)
config.set("CA", "pki_external_ca_cert_path", cert_file.name)
config.set("CA", "pki_external_ca_cert_chain_path", cert_chain_file.name)
config.set("CA", "pki_external_step_two", "True")
@@ -660,10 +665,15 @@ class CAInstance(DogtagInstance):
args.append("-ext_csr_file")
args.append(self.csr_file)
elif self.external == 2:
cert = x509.load_certificate_from_file(self.cert_file)
cert_file = tempfile.NamedTemporaryFile()
x509.write_certificate(cert.der_data, cert_file.name)
cert_file.flush()
args.append("-external")
args.append("true")
args.append("-ext_ca_cert_file")
args.append(self.cert_file)
args.append(cert_file.name)
args.append("-ext_ca_cert_chain_file")
args.append(self.cert_chain_file)
else: