Re: [Freeipa-devel] [PATCH] 0215 ipa-server-install: correct help text for --external_{cert, ca}_file
On 04/15/2013 01:25 PM, Ana Krivokapic wrote: > On 04/15/2013 12:26 PM, Petr Viktorin wrote: >> On 04/15/2013 11:50 AM, Ana Krivokapic wrote: >>> On 04/15/2013 10:20 AM, Petr Viktorin wrote: Hello, this fixes incorrect descriptions of the --external_cert_file & --external_ca_file options. https://fedorahosted.org/freeipa/ticket/3523 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel >>> >>> There are also 3 error messages in install/tools/ipa-server-install, >>> that refer to >>> PKCS#10 certificates. Do we also need to fix these? >>> >>> [akrivoka@server freeipa]$ git grep 'PKCS#10' >>> install/tools/ipa-server-install >>> install/tools/ipa-server-install:print "Can't load the >>> PKCS#10 certificate: %s." % str(e) >>> install/tools/ipa-server-install:print "Subject of the >>> PKCS#10 certificate is not correct (got %s, expected %s)." % >>> (certsubject, wantsubject) >>> install/tools/ipa-server-install:print "The PKCS#10 >>> certificate is not signed by the external CA (unknown issuer %s)." % >>> certissuer >> >> Good catch, thanks. I've changed those as well. >> >> >> >> ___ >> Freeipa-devel mailing list >> Freeipa-devel@redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-devel > > ACK > Pushed to master. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0215 ipa-server-install: correct help text for --external_{cert, ca}_file
On 04/15/2013 12:26 PM, Petr Viktorin wrote: > On 04/15/2013 11:50 AM, Ana Krivokapic wrote: >> On 04/15/2013 10:20 AM, Petr Viktorin wrote: >>> Hello, >>> this fixes incorrect descriptions of the --external_cert_file & >>> --external_ca_file options. >>> >>> >>> https://fedorahosted.org/freeipa/ticket/3523 >>> >>> >>> >>> ___ >>> Freeipa-devel mailing list >>> Freeipa-devel@redhat.com >>> https://www.redhat.com/mailman/listinfo/freeipa-devel >> >> There are also 3 error messages in install/tools/ipa-server-install, >> that refer to >> PKCS#10 certificates. Do we also need to fix these? >> >> [akrivoka@server freeipa]$ git grep 'PKCS#10' >> install/tools/ipa-server-install >> install/tools/ipa-server-install:print "Can't load the >> PKCS#10 certificate: %s." % str(e) >> install/tools/ipa-server-install:print "Subject of the >> PKCS#10 certificate is not correct (got %s, expected %s)." % >> (certsubject, wantsubject) >> install/tools/ipa-server-install:print "The PKCS#10 >> certificate is not signed by the external CA (unknown issuer %s)." % >> certissuer > > Good catch, thanks. I've changed those as well. > > > > ___ > Freeipa-devel mailing list > Freeipa-devel@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel ACK -- Regards, Ana Krivokapic Associate Software Engineer FreeIPA team Red Hat Inc. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0215 ipa-server-install: correct help text for --external_{cert, ca}_file
On 04/15/2013 11:50 AM, Ana Krivokapic wrote: On 04/15/2013 10:20 AM, Petr Viktorin wrote: Hello, this fixes incorrect descriptions of the --external_cert_file & --external_ca_file options. https://fedorahosted.org/freeipa/ticket/3523 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel There are also 3 error messages in install/tools/ipa-server-install, that refer to PKCS#10 certificates. Do we also need to fix these? [akrivoka@server freeipa]$ git grep 'PKCS#10' install/tools/ipa-server-install install/tools/ipa-server-install:print "Can't load the PKCS#10 certificate: %s." % str(e) install/tools/ipa-server-install:print "Subject of the PKCS#10 certificate is not correct (got %s, expected %s)." % (certsubject, wantsubject) install/tools/ipa-server-install:print "The PKCS#10 certificate is not signed by the external CA (unknown issuer %s)." % certissuer Good catch, thanks. I've changed those as well. -- PetrĀ³ From 120ff5b7fa179f58747e1b63897372ea0b8c184a Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Wed, 20 Mar 2013 14:44:22 +0100 Subject: [PATCH] ipa-server-install: correct help text for --external_{cert,ca}_file The options take PEM certificates, not PKCS#10. This corrects both the --help output and the man page. https://fedorahosted.org/freeipa/ticket/3523 --- install/tools/ipa-server-install | 10 +- install/tools/man/ipa-server-install.1 | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index da3caa08d2b00fe3a750ef53573d7d2275635327..d400dbabf4dc1ced0c17277a4e93d55197092c7c 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -169,9 +169,9 @@ def parse_options(): cert_group.add_option("", "--external-ca", dest="external_ca", action="store_true", default=False, help="Generate a CSR to be signed by an external CA") cert_group.add_option("", "--external_cert_file", dest="external_cert_file", - help="File containing PKCS#10 certificate") + help="PEM file containing a certificate signed by the external CA") cert_group.add_option("", "--external_ca_file", dest="external_ca_file", - help="File containing PKCS#10 of the external CA chain") + help="PEM file containing the external CA chain") cert_group.add_option("--no-pkinit", dest="setup_pkinit", action="store_false", default=True, help="disables pkinit setup steps") cert_group.add_option("--dirsrv_pkcs12", dest="dirsrv_pkcs12", @@ -670,16 +670,16 @@ def main(): try: extcert = load_certificate_from_file(options.external_cert_file) except IOError, e: -print "Can't load the PKCS#10 certificate: %s." % str(e) +print "Can't load the PEM certificate: %s." % str(e) sys.exit(1) except nss.error.NSPRError: print "'%s' is not a valid PEM-encoded certificate." % options.external_cert_file sys.exit(1) certsubject = DN(str(extcert.subject)) wantsubject = DN(('CN','Certificate Authority'), options.subject) if certsubject != wantsubject: -print "Subject of the PKCS#10 certificate is not correct (got %s, expected %s)." % (certsubject, wantsubject) +print "Subject of the external certificate is not correct (got %s, expected %s)." % (certsubject, wantsubject) sys.exit(1) try: @@ -694,7 +694,7 @@ def main(): certdict = dict((DN(str(cert.subject)), cert) for cert in extchain) certissuer = DN(str(extcert.issuer)) if certissuer not in certdict: -print "The PKCS#10 certificate is not signed by the external CA (unknown issuer %s)." % certissuer +print "The external certificate is not signed by the external CA (unknown issuer %s)." % certissuer sys.exit(1) cert = extcert diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1 index 6959a314785e5020ed1d7701873baf3c2260c2df..59219c14727c5a3062d06d5ef02eb0eebdc9c4f2 100644 --- a/install/tools/man/ipa-server-install.1 +++ b/install/tools/man/ipa-server-install.1 @@ -88,10 +88,10 @@ An unattended installation that will never prompt for user input Generate a CSR to be signed by an external CA .TP \fB\-\-external_cert_file\fR=\fIFILE\fR -File containing PKCS#10 certificate +PEM file containing a certificate signed by the external CA. Must be given with \-\-external_ca_file. .TP \fB\-\-external_ca_file\fR=\fIFILE\fR -File containing PKCS#10 of the external CA chain +PEM file containing the external CA chain .TP \fB\-\-no\-pkinit\fR Disables pkinit setup steps -- 1.8.1.4
Re: [Freeipa-devel] [PATCH] 0215 ipa-server-install: correct help text for --external_{cert, ca}_file
On 04/15/2013 10:20 AM, Petr Viktorin wrote: > Hello, > this fixes incorrect descriptions of the --external_cert_file & > --external_ca_file options. > > > https://fedorahosted.org/freeipa/ticket/3523 > > > > ___ > Freeipa-devel mailing list > Freeipa-devel@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel There are also 3 error messages in install/tools/ipa-server-install, that refer to PKCS#10 certificates. Do we also need to fix these? [akrivoka@server freeipa]$ git grep 'PKCS#10' install/tools/ipa-server-install install/tools/ipa-server-install:print "Can't load the PKCS#10 certificate: %s." % str(e) install/tools/ipa-server-install:print "Subject of the PKCS#10 certificate is not correct (got %s, expected %s)." % (certsubject, wantsubject) install/tools/ipa-server-install:print "The PKCS#10 certificate is not signed by the external CA (unknown issuer %s)." % certissuer -- Regards, Ana Krivokapic Associate Software Engineer FreeIPA team Red Hat Inc. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 0215 ipa-server-install: correct help text for --external_{cert, ca}_file
Hello, this fixes incorrect descriptions of the --external_cert_file & --external_ca_file options. https://fedorahosted.org/freeipa/ticket/3523 -- PetrĀ³ From fba3d395b4c32e2b760ef6182be6df61c052474b Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Wed, 20 Mar 2013 14:44:22 +0100 Subject: [PATCH] ipa-server-install: correct help text for --external_{cert,ca}_file The options take PEM certificates, not PKCS#10. This corrects both the --help output and the man page. https://fedorahosted.org/freeipa/ticket/3523 --- install/tools/ipa-server-install | 4 ++-- install/tools/man/ipa-server-install.1 | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index da3caa08d2b00fe3a750ef53573d7d2275635327..ddc87b3e37defec8fd0c19c2dea0d2762c43242e 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -169,9 +169,9 @@ def parse_options(): cert_group.add_option("", "--external-ca", dest="external_ca", action="store_true", default=False, help="Generate a CSR to be signed by an external CA") cert_group.add_option("", "--external_cert_file", dest="external_cert_file", - help="File containing PKCS#10 certificate") + help="PEM file containing a certificate signed by the external CA") cert_group.add_option("", "--external_ca_file", dest="external_ca_file", - help="File containing PKCS#10 of the external CA chain") + help="PEM file containing the external CA chain") cert_group.add_option("--no-pkinit", dest="setup_pkinit", action="store_false", default=True, help="disables pkinit setup steps") cert_group.add_option("--dirsrv_pkcs12", dest="dirsrv_pkcs12", diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1 index 6959a314785e5020ed1d7701873baf3c2260c2df..59219c14727c5a3062d06d5ef02eb0eebdc9c4f2 100644 --- a/install/tools/man/ipa-server-install.1 +++ b/install/tools/man/ipa-server-install.1 @@ -88,10 +88,10 @@ An unattended installation that will never prompt for user input Generate a CSR to be signed by an external CA .TP \fB\-\-external_cert_file\fR=\fIFILE\fR -File containing PKCS#10 certificate +PEM file containing a certificate signed by the external CA. Must be given with \-\-external_ca_file. .TP \fB\-\-external_ca_file\fR=\fIFILE\fR -File containing PKCS#10 of the external CA chain +PEM file containing the external CA chain .TP \fB\-\-no\-pkinit\fR Disables pkinit setup steps -- 1.8.1.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel