IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Don't base64-encode the CA cert when uploading it during an upgrade.

Browse Source 
We want to store the raw value. Tools like ldapsearch will automatically
base64 encode the value because it's binary so we don't want to duplicate
that.

https://fedorahosted.org/freeipa/ticket/3477
This commit is contained in:
Rob Crittenden 2013-03-06 14:28:18 -05:00 committed by Martin Kosek
parent 0b0af8b233
commit f6f8307be2
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ipaserver/install/plugins/upload_cacrt.py
View File

@ -39,7 +39,6 @@ class update_upload_cacrt(PostUpdate):
certdb = certs.CertDB(api.env.realm, nssdir=dirname, subject_base=subject_base)
dercert = certdb.get_cert_from_db(certdb.cacert_name, pem=False)
cadercert = base64.b64encode(dercert)
updates = {}
dn = DN(('cn', 'CACert'), ('cn', 'ipa'), ('cn','etc'), api.env.basedn)
@ -47,7 +46,7 @@ class update_upload_cacrt(PostUpdate):
cacrt_entry = ['objectclass:nsContainer',
'objectclass:pkiCA',
'cn:CAcert',
'cACertificate;binary:%s' % cadercert,
'cACertificate;binary:%s' % dercert,
]
updates[dn] = {'dn': dn, 'default': cacrt_entry}