Martin Basti wrote:
On 15.03.2016 07:26, David Kupka wrote:
On 14/03/16 09:29, Jan Cholasta wrote:
Hi,
the attached patch fixes <https://fedorahosted.org/freeipa/ticket/5117>
and <https://fedorahosted.org/freeipa/ticket/5720>.
Honza
Hi, thanks for the patch. I haven't found any distortion of affected
use cases, ACK.
Pushed to:
ipa-4-2: 00097c1dd82f55b1e004b9d6eb4f6ed7fb6ffca8
ipa-4-3: b7bf55e951cabf77aa72b4b795396b52b801f8ba
master: 54a59475f301267c7263a649df1b992e9b3e08aa
Hmm, I'm unable to reproduce this behavior. I have a database with two
server certs, same nickname:
$ certutil -L -d /tmp/db -n Server-Cert -a
-----BEGIN CERTIFICATE-----
<blob>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<blob>
-----END CERTIFICATE-----
$ certutil -L -d /tmp/db -n Server-Cert |grep Serial
Serial Number: 7 (0x7)
Serial Number: 6 (0x6)
$ certutil -L -d /tmp/db -n Server-Cert -r -o /tmp/server.der
$ /usr/lib64/nss/unsupported-tools/derdump -i /tmp/server.der |grep -C 2
Integer
C-Sequence (554)
C-[0] (3)
Integer (1)
02
Integer (1)
07
C-Sequence (13)
--
C-Sequence (554)
C-[0] (3)
Integer (1)
02
Integer (1)
06
C-Sequence (13)
$ openssl x509 -text -in /tmp/server.der -inform der |grep Serial
Serial Number: 7 (0x7)
I guess it's something else, python-nss perhaps, that can't handle a DER
with multiple certs in it. So no need to file a mozilla bug I suppose.
rob
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code