mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 15:40:01 -06:00
Print correct subject on CA cert verification failure
In load_external_cert(), if verification fails for a certificate in the trust chain, the error message contains the last subject name from a previous iteration of the trust chain, instead of the subject name of the current certificate. To report the correct subject, look it up using the current nickname. Part of: https://pagure.io/freeipa/issue/7761 Reviewed-By: Christian Heimes <cheimes@redhat.com>
This commit is contained in:
parent
3abfaa5754
commit
a2a293ed2f
@ -1043,6 +1043,7 @@ def load_external_cert(files, ca_subject):
|
||||
try:
|
||||
nssdb.verify_ca_cert_validity(nickname)
|
||||
except ValueError as e:
|
||||
cert, subject, issuer = cache[nickname]
|
||||
raise ScriptError(
|
||||
"CA certificate %s in %s is not valid: %s" %
|
||||
(subject, ", ".join(files), e))
|
||||
|
Loading…
Reference in New Issue
Block a user