httpinstance: add pinfile when tracking certificate

When the HTTP certificate gets untracked then tracked again, it
loses its pin file.  Ensure we add the pin file when (re-)tracking
the HTTP certificate.

Part of: https://pagure.io/freeipa/issue/7991

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Rob Crittenden 2019-07-17 16:51:16 +10:00 committed by Fraser Tweedale
parent 65d9a9be52
commit f5822e3a25


@ -585,11 +585,14 @@ class HTTPInstance(service.Service):
str(e))
def start_tracking_certificates(self):
key_passwd_file = paths.HTTPD_PASSWD_FILE_FMT.format(host=api.env.host)
cert = x509.load_certificate_from_file(paths.HTTPD_CERT_FILE)
if certs.is_ipa_issued_cert(api, cert):
request_id = certmonger.start_tracking(
certpath=(paths.HTTPD_CERT_FILE, paths.HTTPD_KEY_FILE),
post_command='restart_httpd', storage='FILE'
post_command='restart_httpd', storage='FILE',
profile=dogtag.DEFAULT_PROFILE,
pinfile=key_passwd_file,
)
subject = str(DN(cert.subject))
certmonger.add_principal(request_id, self.principal)
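Review bot: The new `pinfile=key_passwd_file` argument is built from `paths.HTTPD_PASSWD_FILE_FMT` and handed to `certmonger.start_tracking()` with no check that the file is actually present. If it is missing or unreadable, the request would presumably still be created but certmonger could not unlock the key, and that would only surface at the next renewal. Consider verifying the file before the call and logging or raising when it is absent, and add a comment above the assignment such as `# certmonger needs the key's pin file to read HTTPD_KEY_FILE; pass it on every (re-)track`. The hunk also adds `profile=dogtag.DEFAULT_PROFILE`, which the commit message does not mention; a sentence on why the profile must be set on re-tracking would help, and it is worth confirming that `dogtag` is already imported in this module, since the import is not visible here. The rest of `start_tracking_certificates` lies outside the hunk, so whether the non-IPA-issued branch needs the same pin file cannot be judged from this page.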