ca: fix ca-find with --pkey-only
Since commit 32b1743e5f, ca-find will fail
with an internal error if --pkey-only is specified, because the code to
look up the CA certificate and certificate chain assumes that the ipaCAId
attribute is always present in the result.
Fix this by not attempting to look up the certificate / chain at all when
--pkey-only is specified.
https://fedorahosted.org/freeipa/ticket/6178
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
parent
1e06a5195b
commit
ceb26f5ac4
@ -162,7 +162,10 @@ class ca(LDAPObject):
|
|||||||
|
|
||||||
|
|
||||||
def set_certificate_attrs(entry, options, want_cert=True):
|
def set_certificate_attrs(entry, options, want_cert=True):
|
||||||
|
try:
|
||||||
ca_id = entry['ipacaid'][0]
|
ca_id = entry['ipacaid'][0]
|
||||||
|
except KeyError:
|
||||||
|
return
|
||||||
full = options.get('all', False)
|
full = options.get('all', False)
|
||||||
want_chain = options.get('chain', False)
|
want_chain = options.get('chain', False)
|
||||||
|
|
||||||
@ -192,6 +195,7 @@ class ca_find(LDAPSearch):
|
|||||||
def execute(self, *keys, **options):
|
def execute(self, *keys, **options):
|
||||||
ca_enabled_check()
|
ca_enabled_check()
|
||||||
result = super(ca_find, self).execute(*keys, **options)
|
result = super(ca_find, self).execute(*keys, **options)
|
||||||
|
if not options.get('pkey_only', False):
|
||||||
for entry in result['result']:
|
for entry in result['result']:
|
||||||
set_certificate_attrs(entry, options, want_cert=False)
|
set_certificate_attrs(entry, options, want_cert=False)
|
||||||
return result
|
return result
|
||||||
|
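Review bot: The `except KeyError: return` added at the top of `set_certificate_attrs` makes a missing `ipacaid` silent for every caller of the helper, not only for `ca-find --pkey-only`, which the new `if not options.get('pkey_only', False):` guard in `ca_find.execute` already covers on its own. If an entry lacks the attribute for some other reason (possibly an unreadable attribute or a malformed CA entry), the command would now return it without certificate data and without any error or log line, which makes that condition hard to notice. I would state the intent in a comment above the `try`, for example `# ipacaid is absent when only primary keys were requested; nothing to look up`, and consider emitting a debug-level log message before the early return. The body of `set_certificate_attrs` continues past the hunk, so whether any later code relies on `ca_id` being set cannot be confirmed from here.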