freeipa/ipapython
Fraser Tweedale d731f6fd74 certdb: ensure non-empty Subject Key Identifier
Installation or IPA CA renewal with externally-signed CA accepts an
IPA CA certificate with empty Subject Key Identifier. This is
technically legal in X.509, but is an operational issue.
Furthermore, due to an extant bug in Dogtag
(https://pagure.io/dogtagpki/issue/3079) it will cause Dogtag
startup failure.

Reject CA certificates with empty Subject Key Identifier.

Fixes: https://pagure.io/freeipa/issue/7762
Reviewed-By: Christian Heimes <cheimes@redhat.com>
2018-11-12 11:23:16 +01:00
install Py3: Remove subclassing from object 2018-09-27 11:49:04 +02:00
__init__.py Rename ipa-python directory to ipapython so it is a real python library 2009-02-09 14:35:15 -05:00
admintool.py Py3: Remove subclassing from object 2018-09-27 11:49:04 +02:00
certdb.py certdb: ensure non-empty Subject Key Identifier 2018-11-12 11:23:16 +01:00
config.py Py3: Replace six.moves imports 2018-10-05 12:06:19 +02:00
cookie.py Py3: Replace six.moves imports 2018-10-05 12:06:19 +02:00
directivesetter.py Py3: Replace six.text_type with str 2018-09-27 16:11:18 +02:00
dn.py Py3: Replace six.text_type with str 2018-09-27 16:11:18 +02:00
dnsutil.py Py3: Replace six.string_types with str 2018-09-27 16:11:18 +02:00
dogtag.py Py3: Replace six.moves imports 2018-10-05 12:06:19 +02:00
errors.py Replace StandardError with Exception 2015-09-30 10:51:36 +02:00
graph.py Py3: Remove subclassing from object 2018-09-27 11:49:04 +02:00
ipa_log_manager.py Py3: Replace six.string_types with str 2018-09-27 16:11:18 +02:00
ipaldap.py ipaldap: avoid invalid modlist when attribute encoding differs 2018-11-06 10:59:06 +01:00
ipautil.py Py3: Replace six.moves imports 2018-10-05 12:06:19 +02:00
ipavalidate.py Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
kerberos.py Py3: Replace six.bytes_type with bytes 2018-09-27 16:11:18 +02:00
kernel_keyring.py Py3: Replace six.string_types with str 2018-09-27 16:11:18 +02:00
Makefile.am ipapython: fix DEFAULT_PLUGINS in version.py 2017-03-09 18:39:48 +01:00
nsslib.py Remove ipapython.nsslib as it is not used anymore 2017-03-01 09:43:41 +00:00
README Replace DNS client based on acutil with python-dns 2012-05-24 13:55:56 +02:00
session_storage.py Fix pylint warnings inconsistent-return-statements 2017-12-18 11:51:14 +01:00
setup.cfg Port all setup.py to setuptools 2016-10-20 18:43:37 +02:00
setup.py Remove Python 2 support and packages 2018-09-06 17:39:00 +02:00
ssh.py Py3: Remove subclassing from object 2018-09-27 11:49:04 +02:00
version.py.in ipapython: fix DEFAULT_PLUGINS in version.py 2017-03-09 18:39:48 +01:00

This is a set of libraries common to IPA clients and servers, though
currently geared mostly towards command-line tools.

A brief overview:

config.py - identify the IPA server domain and realm. It uses python-dns to
            try to detect this information first and will fall back to
            /etc/ipa/default.conf if that fails.

ipautil.py - helper functions

entity.py - entity is the main data type. User and Group extend this class
            (but don't add anything currently).

ipavalidate.py - basic data validation routines