Jan Orel wrote: > Hello, > > this patch removes (IMHO) redundat check in cert_show, which fails when > host tries to re-submit certificate of different host/service which he > can manage. > > I also reported the bug here: > https://bugzilla.redhat.com/show_bug.cgi?id=1269089 > > I tired to run the tests as well and it doesn't seem to break anything. > Any feedpack appriciated.
This works around the "Retrieve Certificates from the CA" ACL when done as a host. I guess if the hostname isn't the subject then the host for the subject needs to be read and then look to see if hostname is in the managed_by list. rob -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code