URL: https://github.com/freeipa/freeipa/pull/1007 Author: stlaz Title: #1007: py3: minor fixes Action: opened
PR body: """ These are some bugs that were introduced by an accident and showed while testing with RHEL 6.9 client. https://pagure.io/freeipa/issue/4985 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1007/head:pr1007 git checkout pr1007
From dbac99f0e2afe6fd9abc1b671b880b3440e34e12 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Mon, 28 Aug 2017 10:52:15 +0200 Subject: [PATCH 1/2] rpc: don't encode bytes bytes.encode() appeared in rpc.py by a mistake, should have been bytes.decode() https://pagure.io/freeipa/issue/4985 --- ipalib/rpc.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipalib/rpc.py b/ipalib/rpc.py index ffa2b92f97..4b81e89975 100644 --- a/ipalib/rpc.py +++ b/ipalib/rpc.py @@ -195,7 +195,7 @@ def xml_wrap(value, version): if isinstance(value, crypto_x509.Certificate): return base64.b64encode( - value.public_bytes(x509_Encoding.DER)).encode('ascii') + value.public_bytes(x509_Encoding.DER)).decode('ascii') assert type(value) in (unicode, float, bool, type(None)) + six.integer_types return value From d38712dfb574a860538a9e0401f4a4d6157350c1 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Mon, 28 Aug 2017 10:54:11 +0200 Subject: [PATCH 2/2] cert: fix wrong assumption of cert-show result type cert-show returns a base64 encoded certificate yet the assumption here was for a PEM bytes instance. https://pagure.io/freeipa/issue/4985 --- ipaserver/plugins/cert.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index ad8bea669e..ebae9926ef 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -1270,8 +1270,8 @@ def execute(self, serial_number, **kw): logger.debug("Not granted by ACI to revoke certificate, " "looking at principal") try: - cert = x509.load_pem_x509_certificate( - resp['result']['certificate']) + cert = x509.load_der_x509_certificate( + base64.b64decode(resp['result']['certificate'])) if not bind_principal_can_manage_cert(cert): raise acierr except errors.NotImplementedError:
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
