mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
d731f6fd74
Installation or IPA CA renewal with externally-signed CA accepts an IPA CA certificate with empty Subject Key Identifier. This is technically legal in X.509, but is an operational issue. Furthermore, due to an extant bug in Dogtag (https://pagure.io/dogtagpki/issue/3079) it will cause Dogtag startup failure.

Reject CA certificates with empty Subject Key Identifier.

Fixes: https://pagure.io/freeipa/issue/7762
Reviewed-By: Christian Heimes <cheimes@redhat.com>
install
__init__.py
admintool.py
certdb.py
config.py
cookie.py
directivesetter.py
dn.py
dnsutil.py
dogtag.py
errors.py
graph.py
ipa_log_manager.py
ipaldap.py
ipautil.py
ipavalidate.py
kerberos.py
kernel_keyring.py
Makefile.am
nsslib.py
README
session_storage.py
setup.cfg
setup.py
ssh.py
version.py.in

This is a set of libraries common to IPA clients and servers though mostly geared currently towards command-line tools.

A brief overview:

config.py - identify the IPA server domain and realm. It uses python-dns to try to detect this information first and will fall back to /etc/ipa/default.conf if that fails.

ipautil.py - helper functions

entity.py - entity is the main data type. User and Group extend this class (but don't add anything currently).

ipavalidate.py - basic data validation routines