mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
c5bcaab8f1
ipa-cacert-manage prune is removing the expired certs one at a time and this may result in verifying that one of the expired certs is still valid. As a consequence, ipa-cacert-manage prune always fails when more than 1 cert are expired. To avoid the issue, remove all the expired certs in a single pass, and validate only the ones that would remain after full pruning. Fixes: https://pagure.io/freeipa/issue/9244 Signed-off-by: Florence Blanc-Renaud <flo@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>