certs: Fix incorrect flag handling in load_cacert

For CA certificates that are not certificates of the IPA CA, we incorrectly
set the trust flags to ",,", regardless of the value that was passed in the
trust_flags parameter.

Make the load_cacert method respect trust_flags and make it a required
argument.

https://fedorahosted.org/freeipa/ticket/4779

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Tomas Babej 2014-12-02 13:13:51 +01:00 committed by Jan Cholasta
parent 79d9c49436
commit faec4ef9de
2 changed files with 3 additions and 5 deletions


@ -238,7 +238,7 @@ class CertDB(object):
"-k", self.passwd_fname]) "-k", self.passwd_fname])
self.set_perms(self.pk12_fname) self.set_perms(self.pk12_fname)
def load_cacert(self, cacert_fname, trust_flags='C,,'): def load_cacert(self, cacert_fname, trust_flags):
""" """
Load all the certificates from a given file. It is assumed that Load all the certificates from a given file. It is assumed that
this file creates CA certificates. this file creates CA certificates.
@ -255,11 +255,9 @@ class CertDB(object):
(rdn, subject_dn) = get_cert_nickname(cert) (rdn, subject_dn) = get_cert_nickname(cert)
if subject_dn == ca_dn: if subject_dn == ca_dn:
nick = get_ca_nickname(self.realm) nick = get_ca_nickname(self.realm)
tf = trust_flags
else: else:
nick = str(subject_dn) nick = str(subject_dn)
tf = ',,' self.nssdb.add_cert(cert, nick, trust_flags, pem=True)
self.nssdb.add_cert(cert, nick, tf, pem=True)
except RuntimeError: except RuntimeError:
break break
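Review bot: In the second hunk, `self.nssdb.add_cert(cert, nick, trust_flags, pem=True)` now applies the caller's flags to every certificate found in the file, and nothing visible here checks that a certificate really is a CA; the docstring only says it is "assumed". The docstring should state that contract, for example `trust_flags is applied to every certificate in cacert_fname; the caller must ensure the file holds only CAs that should receive that trust`. In the first hunk, dropping the `'C,,'` default means any caller still using `load_cacert(fname)` will raise TypeError, and this commit updates only one call site, so the remaining callers are worth checking. The method body starts before and ends after the lines shown.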


@ -840,7 +840,7 @@ class DsInstance(service.Service):
certdb.cacert_name = cacert_name certdb.cacert_name = cacert_name
status = True status = True
try: try:
certdb.load_cacert(cacert_fname) certdb.load_cacert(cacert_fname, 'C,,')
except ipautil.CalledProcessError, e: except ipautil.CalledProcessError, e:
root_logger.critical("Error importing CA cert file named [%s]: %s" % root_logger.critical("Error importing CA cert file named [%s]: %s" %
(cacert_fname, str(e))) (cacert_fname, str(e)))
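Review bot: The literal `'C,,'` on the `certdb.load_cacert(cacert_fname, 'C,,')` line is passed without any explanation of what trust it grants. In NSS notation it marks the certificate as a trusted CA for issuing SSL server certificates, with no e-mail or object-signing trust. A one-line comment above the call would make that visible to the next reader, for example `# 'C,,' = trusted CA for SSL server certs only`. Where `cacert_fname` comes from is outside this hunk, so whether the file can contain more than the intended CA chain cannot be judged from here.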