IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
edfe95b120edd4794c7d1e1290c99116fac3b194
freeipa/ipalib
History
Fraser Tweedale 769180c2c6 Do not renew externally-signed CA as self-signed 
Commit 49cf5ec64b fixed a bug that
prevented migration from externally-signed to self-signed IPA CA.
But it introduced a subtle new issue: certmonger-initiated renewal
renews an externally-signed IPA CA as a self-signed CA.

To resolve this issue, introduce the `--force-self-signed' flag for
the dogtag-ipa-ca-renew-agent script.  Add another certmonger CA
definition that calls this script with the `--force-self-signed'
flag.  Update dogtag-ipa-ca-renew-agent to only issue a self-signed
CA certificate if the existing certificate is self-signed or if
`--force-self-signed' was given.  Update `ipa-cacert-manage renew'
to supply `--force-self-signed' when appropriate.

As a result of these changes, certmonger-initiated renewal of an
externally-signed IPA CA certificate will not issue a self-signed
certificate.

Fixes: https://pagure.io/freeipa/issue/8176
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2020-01-29 21:47:14 +11:00
..
install
Fix errors found by Pylint-2.4.3
2019-10-21 18:01:32 +11:00
__init__.py
Fix errors found by Pylint-2.4.3
2019-10-21 18:01:32 +11:00
aci.py
Py3: Replace six.string_types with str
2018-09-27 16:11:18 +02:00
backend.py
Fix Pylint 2.0 violations
2018-07-14 12:04:19 +02:00
base.py
Py3: Replace six.string_types with str
2018-09-27 16:11:18 +02:00
capabilities.py
Replace LooseVersion
2016-11-24 15:46:40 +01:00
cli.py
make sure IPA_CONFDIR is used to check that client is configured
2019-01-10 11:24:08 +01:00
config.py
Don't hard-code client's TLS versions and ciphers
2019-12-02 16:48:07 +01:00
constants.py
Do not renew externally-signed CA as self-signed
2020-01-29 21:47:14 +11:00
crud.py
ipalib, ipaserver: fix incorrect API.register calls in docstrings
2016-05-25 16:06:26 +02:00
dns.py
dnsrecord-mod: allow to modify ttl without passing the record
2019-07-01 09:16:21 +02:00
errors.py
Require UTF-8 fs encoding
2017-11-21 16:13:28 +01:00
frontend.py
Fixed errors newly exposed by pylint 2.4.0
2019-09-25 20:14:06 +10:00
krb_utils.py
Allow login to WebUI using Kerberos aliases/enterprise principals
2017-03-08 15:56:11 +01:00
Makefile.am
Build: Makefiles for Python packages
2016-11-09 13:08:32 +01:00
messages.py
Handle missing LWCA certificate or chain
2019-06-18 10:36:24 +10:00
misc.py
Add fix for ipa plugins command
2017-02-17 10:22:07 +01:00
output.py
Generate same API.txt under Python 2 and 3
2018-02-15 09:41:30 +01:00
parameters.py
DNParam: raise Exception when multiple values provided to a 1-val param
2019-11-20 11:15:28 +01:00
pkcs10.py
Remove pkcs10 module contents
2017-10-25 09:46:41 +02:00
plugable.py
Removed unnecessary imports after code review.
2019-09-27 09:38:32 +02:00
request.py
Py3: Remove subclassing from object
2018-09-27 11:49:04 +02:00
rpc.py
rpc: always read response
2018-11-07 08:39:42 +01:00
setup.cfg
Port all setup.py to setuptools
2016-10-20 18:43:37 +02:00
setup.py
Cleanup shebang and executable bit
2018-07-05 19:46:42 +02:00
text.py
Py3: Remove subclassing from object
2018-09-27 11:49:04 +02:00
util.py
Fix logic of check_client_configuration
2019-12-05 15:09:38 +01:00
x509.py
move MSCSTemplate classes to ipalib
2019-07-17 17:58:58 +03:00