Raise ACI error when CSR does not have a subject hostname.

Ticket: https://fedorahosted.org/freeipa/ticket/3123

--
Lynn Root

@roguelynn
Associate Software Engineer
Red Hat, Inc

>From c627c853164a6eece19306938fa7d9bead4a4730 Mon Sep 17 00:00:00 2001
From: Lynn Root <lr...@redhat.com>
Date: Mon, 10 Dec 2012 09:13:13 -0500
Subject: [PATCH] Raise ACI error when CSR does not have a subject hostname

Raise ACI error when CSR does not have a subject hostname.

Ticket: https://fedorahosted.org/freeipa/ticket/3123
---
 ipalib/plugins/cert.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ipalib/plugins/cert.py b/ipalib/plugins/cert.py
index c4bbf8215341d1fdbf8b84cf70ee7ebd8e2b96c4..e33a9743ba1978a3eea65326049f792d2b277e17 100644
--- a/ipalib/plugins/cert.py
+++ b/ipalib/plugins/cert.py
@@ -296,6 +296,10 @@ class cert_request(VirtualCommand):
 
         # Ensure that the hostname in the CSR matches the principal
         subject_host = get_csr_hostname(csr)
+        if not subject_host:
+            raise errors.ACIError(
+                info=_("No hostname was found in subject of request"))
+
         (servicename, hostname, realm) = split_principal(principal)
         if subject_host.lower() != hostname.lower():
             raise errors.ACIError(
-- 
1.8.0.1

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to