The Identity, Policy and Audit system
CentOS Sources
2016-11-03 403b09ab980c02ef36095973349a13e0181c794a
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
From fdcaf9f8437fcd12220af125a4fe0871c6d33f47 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Thu, 4 Aug 2016 09:58:38 +0200
Subject: [PATCH] install: fix external CA cert validation
 
The code which loads the external CA cert chain was never executed because
of an incorrect usage of an iterator (iterating over it twice).
 
https://fedorahosted.org/freeipa/ticket/6166
 
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
---
 ipaserver/install/installutils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index 25f48aed1eeaa03353465bc40abf3484ec19bf3b..66ba33326adcdb47c2ba77c573ba9b66a82b365e 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -1038,7 +1038,7 @@ def load_external_cert(files, subject_base):
             raise ScriptError(
                 "IPA CA certificate not found in %s" % (", ".join(files)))
 
-        trust_chain = reversed(nssdb.get_trust_chain(ca_nickname))
+        trust_chain = list(reversed(nssdb.get_trust_chain(ca_nickname)))
         ca_cert_chain = []
         for nickname in trust_chain:
             cert, subject, issuer = cache[nickname]
-- 
2.7.4