ACKed by Jack. Pushed to master.
On Thu, 2016-03-03 at 14:48 -0500, Ade Lee wrote: > Fix pkcs12 export > > The utility for exporting certs and keys to a PKCS12 file > did not handle the signing certificate correctly. This is > because the signing certificate was imported multiple times > during the export process - either with its key (and key id set) > or as part of the cert chain for the other system certs (with > no key set). > > Each import would override the previous import - so whether > or not the key_id was set would depend on the order in which > the certificates were imported. > > This becomes an issue for import into a clone certdb, because in > the new mechanism, we rely on the cert attributes (ie. key_id) to > determine if a key is to be imported or not. > > We fix this by specifying whether the entry in the export should > be overwritten or not. > > Please review, > > Ade > _______________________________________________ > Pki-devel mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/pki-devel _______________________________________________ Pki-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/pki-devel
