The ConfigurationUtils.importCertChain() has been modified to ignore UNKNOWN_ISSUER error when connecting to a server that does not have the complete certificate chain.
https://fedorahosted.org/pki/ticket/2497 Pushed to master under one-liner/trivial rule. -- Endi S. Dewata
>From 343a756bb93abf057f2999858ba9e170fa84f143 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" <[email protected]> Date: Thu, 6 Oct 2016 22:08:15 +0200 Subject: [PATCH] Fixed ConfigurationUtils.importCertChain(). The ConfigurationUtils.importCertChain() has been modified to ignore UNKNOWN_ISSUER error when connecting to a server that does not have the complete certificate chain. https://fedorahosted.org/pki/ticket/2497 --- .../cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java index ed70a099aad27823b693f7bc619ed7d53a961188..001b6ab83624b97c3113575eba91b46333ee94cf 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java @@ -261,8 +261,9 @@ public class ConfigurationUtils { IConfigStore cs = CMS.getConfigStore(); ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback(); - // Ignore untrusted issuer to get cert chain. + // Ignore untrusted/unknown issuer to get cert chain. certApprovalCallback.ignoreError(ValidityStatus.UNTRUSTED_ISSUER); + certApprovalCallback.ignoreError(ValidityStatus.UNKNOWN_ISSUER); String c = get(host, port, true, serverPath, null, certApprovalCallback); if (c != null) { -- 2.7.4
_______________________________________________ Pki-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/pki-devel
