Hi,
Dne 2.12.2014 v 13:16 Tomas Babej napsal(a):
Hi,
For CA certificates that are not certificates of IPA CA, we incorrectly
set the trust flags to ",,", regardless what the actual trust_flags
parameter was passed.
Make the load_cacert method respect trust_flags and make "C,," default
set of trust flags.
For unknown CA certificates, you must keep the default ",," and
explicitly override it where necessary. We don't want to trust *any* CA
certificate to issue server certs.
https://fedorahosted.org/freeipa/ticket/4779
Honza
--
Jan Cholasta
_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel
