Hi,

the attached patch fixes <https://fedorahosted.org/freeipa/ticket/3736>.

Honza

--
Jan Cholasta
>From 9e18d5fb7a9c7d4e7604ca2788c087963fc2c0bb Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Wed, 3 Jul 2013 11:00:58 +0200
Subject: [PATCH] Skip cert issuer validation in service and host commands in
 CA-less install.

https://fedorahosted.org/freeipa/ticket/3736
---
 ipalib/x509.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ipalib/x509.py b/ipalib/x509.py
index dc5418e..ca6eac5 100644
--- a/ipalib/x509.py
+++ b/ipalib/x509.py
@@ -61,9 +61,12 @@ def subject_base():
     return _subject_base
 
 def valid_issuer(issuer):
+    if not api.env.enable_ra:
+        return True
     # Handle all supported forms of issuer -- currently dogtag only.
     if api.env.ra_plugin == 'dogtag':
         return DN(issuer) == DN(('CN', 'Certificate Authority'), subject_base())
+    return True
 
 def strip_header(pem):
     """
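Review bot: The new final `return True` at the end of valid_issuer() makes the check fail open for every ra_plugin value other than 'dogtag', even when enable_ra is set. Before this change that path fell off the end of the function and returned None, which is falsy for any caller that tests the result as a boolean. If the intent is only to skip issuer validation in a CA-less install, the early `if not api.env.enable_ra: return True` already covers that case, so consider dropping the trailing return or making it an explicit `return False` for unrecognised plugins. A short comment on the early return saying why the issuer cannot be validated when there is no RA would also help, since the existing comment below it only mentions dogtag.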
-- 
1.8.3.1

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
