IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

certs: do not export CA certs in install_pem_from_p12

Browse Source 
This fixes `kdc.crt` containing the full chain rather than just the KDC
certificate in CA-less server install.

https://pagure.io/freeipa/issue/6831
https://pagure.io/freeipa/issue/6869

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
This commit is contained in:
Jan Cholasta
2017-05-03 06:12:36 +00:00
committed by Martin Basti
parent 0c5b2c42bf
commit cc572378a6
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ipaserver/install/certs.py
View File

@@ -64,7 +64,7 @@ def get_cert_nickname(cert):
def install_pem_from_p12(p12_fname, p12_passwd, pem_fname):
pwd = ipautil.write_tmp_file(p12_passwd)
ipautil.run([paths.OPENSSL, "pkcs12", "-nokeys",
ipautil.run([paths.OPENSSL, "pkcs12", "-nokeys", "-clcerts",
"-in", p12_fname, "-out", pem_fname,
"-passin", "file:" + pwd.name])