Hi,

the attached patch fixes <https://fedorahosted.org/freeipa/ticket/6166>.

Pushed under the one-liner rule to:
master: a42b456b91cb345e977c6f0febf5c30f15a954d3
ipa-4-3: 44401d26c29e35d38bc94a7a87b9f2dd205e0643

Honza

--
Jan Cholasta
From 35856043cb92fd99268c4b7afb87909efba74ed7 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Thu, 4 Aug 2016 09:58:38 +0200
Subject: [PATCH] install: fix external CA cert validation

The code which loads the external CA cert chain was never executed because
of an incorrect usage of an iterator (iterating over it twice).

https://fedorahosted.org/freeipa/ticket/6166
---
 ipaserver/install/installutils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index 25f48ae..66ba333 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -1038,7 +1038,7 @@ def load_external_cert(files, subject_base):
             raise ScriptError(
                 "IPA CA certificate not found in %s" % (", ".join(files)))
 
-        trust_chain = reversed(nssdb.get_trust_chain(ca_nickname))
+        trust_chain = list(reversed(nssdb.get_trust_chain(ca_nickname)))
         ca_cert_chain = []
         for nickname in trust_chain:
             cert, subject, issuer = cache[nickname]
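
Review bot: At the `trust_chain = list(reversed(...))` line, nothing tells a later reader why the `list()` wrapper is needed, and the second iteration the commit message refers to lies outside this hunk, so the wrapper could easily be dropped again in a cleanup. A one-line comment above the assignment saying that `trust_chain` is iterated more than once would guard against that. Since the commit message says the chain-loading code was skipped without any error, a regression test for `load_external_cert` that asserts a non-empty `ca_cert_chain` would also be worth adding, even for a one-liner.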
-- 
2.7.4
