Jan Orel wrote:
> Hello,
> 
> this patch removes (IMHO) redundat check in cert_show, which fails when
> host tries to re-submit certificate of different host/service which he
> can manage. 
> 
> I also reported the bug here:
> https://bugzilla.redhat.com/show_bug.cgi?id=1269089
> 
> I tired to run the tests as well and it doesn't seem to break anything.
> Any feedpack appriciated.

This works around the "Retrieve Certificates from the CA" ACL when done
as a host.

I guess if the hostname isn't the subject then the host for the subject
needs to be read and then look to see if hostname is in the managed_by list.

rob

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to