Re: [Freeipa-devel] [PATCH 547] cacert install: fix trust chain validation

2016-02-24 Thread Jan Cholasta

On 24.2.2016 09:13, Martin Babinsky wrote:
> On 02/22/2016 06:30 PM, Jan Cholasta wrote:
>> Hi,
>>
>> the attached patch fixes .
>>
>> Honza
>
> ACK.


Thanks.

Pushed to:
master: ef9134640795b736731bfbdb6fe0badb3e817552
ipa-4-3: 4fa8d3bca44b02b81783673dd14954b94ed49efa

--
Jan Cholasta

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code


Re: [Freeipa-devel] [PATCH 547] cacert install: fix trust chain validation

2016-02-24 Thread Martin Babinsky

On 02/22/2016 06:30 PM, Jan Cholasta wrote:
> Hi,
>
> the attached patch fixes .
>
> Honza

ACK.

--
Martin^3 Babinsky



[Freeipa-devel] [PATCH 547] cacert install: fix trust chain validation

2016-02-22 Thread Jan Cholasta

Hi,

the attached patch fixes .

Honza

--
Jan Cholasta
From 7e0ec898cd58647250ed673fa55b98012939e373 Mon Sep 17 00:00:00 2001
From: Jan Cholasta 
Date: Mon, 22 Feb 2016 18:14:46 +0100
Subject: [PATCH] cacert install: fix trust chain validation

https://fedorahosted.org/freeipa/ticket/5612
---
 ipaserver/install/ipa_cacert_manage.py | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/ipaserver/install/ipa_cacert_manage.py b/ipaserver/install/ipa_cacert_manage.py
index 2a4e8ef..de13ad3 100644
--- a/ipaserver/install/ipa_cacert_manage.py
+++ b/ipaserver/install/ipa_cacert_manage.py
@@ -335,10 +335,17 @@ class CACertManage(admintool.AdminTool):
 
 nickname = options.nickname or str(subject)
 
+ca_certs = certstore.get_ca_certs_nss(api.Backend.ldap2,
+  api.env.basedn,
+  api.env.realm,
+  False)
+
 with certs.NSSDatabase() as tmpdb:
 pw = ipautil.write_tmp_file(ipautil.ipa_generate_password())
 tmpdb.create_db(pw.name)
 tmpdb.add_cert(cert, nickname, 'C,,')
+for ca_cert, ca_nickname, ca_trust_flags in ca_certs:
+tmpdb.add_cert(ca_cert, ca_nickname, ca_trust_flags)
 
 try:
 tmpdb.verify_ca_cert_validity(nickname)
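
Review bot: In the new loop, `tmpdb.add_cert(ca_cert, ca_nickname, ca_trust_flags)` runs after the certificate under test has been added as `nickname` with 'C,,', and nothing in the hunk guards against a stored entry that has the same nickname or is the same certificate (for example when a CA already in the LDAP store is installed again). In that case the later add may collide with or replace the entry that `verify_ca_cert_validity(nickname)` then checks, so the outcome would follow the stored trust flags rather than 'C,,'. Consider adding the stored certificates first and the new one last, or skipping entries that match `cert`. Separately, the bare `False` passed as the fourth argument to `certstore.get_ca_certs_nss` does not say what it switches off; a keyword argument or a short comment would help. The commit message carries only the ticket link, so a sentence on why the stored chain is needed for validation would be useful there.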
-- 
2.5.0
