Allow multiple CA certificates in replica info files.

Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2025-02-25 18:55:28 -06:00 · 2014-07-03 15:29:44 +02:00 · 2014-07-03 15:29:44 +02:00 · 987bf3fbf0
commit 987bf3fbf0
parent f1e186d7d8
1 changed files with 15 additions and 1 deletions
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@ -868,7 +868,21 @@ class CertDB(object):
            raise RuntimeError("Could not find a suitable server cert in import in %s" % pkcs12_fname)

        if ca_file:
-            self.nssdb.import_pem_cert('CA', ',,', ca_file)
+            try:
+                with open(ca_file) as fd:
+                    certs = fd.read()
+            except IOError as e:
+                raise RuntimeError(
+                    "Failed to open %s: %s" % (ca_file, e.strerror))
+            st = 0
+            num = 1
+            while True:
+                try:
+                    cert, st = find_cert_from_txt(certs, st)
+                except RuntimeError:
+                    break
+                self.add_cert(cert, 'CA %s' % num, ',,', pem=True)
+                num += 1

        # We only handle one server cert
        nickname = server_certs[0][0]