Commit Graph

2 Commits

Author SHA1 Message Date
Rob Crittenden
dd69c7dbe6 Make data type of certificates more obvious/predictable internally.
For the most part certificates will be treated as being in DER format.
When we load a certificate we will generally accept it in any format but
will convert it to DER before proceeding in normalize_certificate().

This also re-arranges a bit of code to pull some certificate-specific
functions out of ipalib/plugins/service.py into ipalib/x509.py.

This also tries to use variable names to indicate what format the certificate
is in at any given point:

dercert: DER
cert: PEM
nsscert: a python-nss Certificate object
rawcert: unknown format

ticket 32
2011-06-21 19:09:50 -04:00
Rob Crittenden
a2a3782efb Require an imported certificate's issuer to match our issuer.
The goal is to not import foreign certificates.

This caused a bunch of tests to fail because we had a hardcoded server
certificate. Instead a developer will need to run make-testcert to
create a server certificate generated by the local CA to test against.

ticket 1134
2011-06-16 19:27:17 -04:00