Revocation reason 7 is undefined in the RFCs, disallow it.

https://fedorahosted.org/freeipa/ticket/1318
>From 1fce43c2bb94bdaa7702a53d4524879857c83af6 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Tue, 14 Jun 2011 22:03:02 -0400
Subject: [PATCH] Return an error message when revocation reason 7 is used

7 is undefined as a revocation reason.

https://fedorahosted.org/freeipa/ticket/1318
---
 ipalib/plugins/cert.py |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/ipalib/plugins/cert.py b/ipalib/plugins/cert.py
index a1e86ea..643e1cd 100644
--- a/ipalib/plugins/cert.py
+++ b/ipalib/plugins/cert.py
@@ -551,6 +551,8 @@ class cert_revoke(VirtualCommand):
                 result = api.Command['cert_show'](unicode(serial_number))['result']
             except errors.NotImplementedError:
                 pass
+        if kw['revocation_reason'] == 7:
+            raise errors.CertificateOperationError(error=_('7 is not a valid revocation reason'))
         return dict(
             result=self.Backend.ra.revoke_certificate(serial_number, **kw)
         )
-- 
1.7.4

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to