Martin Basti wrote:


On 15.03.2016 07:26, David Kupka wrote:
On 14/03/16 09:29, Jan Cholasta wrote:
Hi,

the attached patch fixes <https://fedorahosted.org/freeipa/ticket/5117>
and <https://fedorahosted.org/freeipa/ticket/5720>.

Honza



Hi, thanks for the patch. I haven't found any distortion of affected
use cases, ACK.

Pushed to:
ipa-4-2: 00097c1dd82f55b1e004b9d6eb4f6ed7fb6ffca8
ipa-4-3: b7bf55e951cabf77aa72b4b795396b52b801f8ba
master: 54a59475f301267c7263a649df1b992e9b3e08aa


Hmm, I'm unable to reproduce this behavior. I have a database with two server certs, same nickname:

$ certutil -L -d /tmp/db -n Server-Cert -a
-----BEGIN CERTIFICATE-----
<blob>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<blob>
-----END CERTIFICATE-----

$ certutil -L -d /tmp/db -n Server-Cert |grep Serial
        Serial Number: 7 (0x7)
        Serial Number: 6 (0x6)

$ certutil -L -d /tmp/db -n Server-Cert -r -o /tmp/server.der
$ /usr/lib64/nss/unsupported-tools/derdump -i /tmp/server.der |grep -C 2 Integer
   C-Sequence  (554)
      C-[0]  (3)
         Integer  (1)
            02
      Integer  (1)
         07
      C-Sequence  (13)
--
   C-Sequence  (554)
      C-[0]  (3)
         Integer  (1)
            02
      Integer  (1)
         06
      C-Sequence  (13)

$ openssl x509 -text -in /tmp/server.der -inform der |grep Serial
        Serial Number: 7 (0x7)

I guess it's something else, python-nss perhaps, that can't handle a DER with multiple certs in it. So no need to file a mozilla bug I suppose.

rob
