|
 |
e3ffab |
From 675251b626028e8eb9b869ba661f919cec16da3c Mon Sep 17 00:00:00 2001
|
|
|
e3ffab |
From: Jan Cholasta <jcholast@redhat.com>
|
|
|
e3ffab |
Date: Tue, 9 Dec 2014 12:47:58 +0000
|
|
|
e3ffab |
Subject: [PATCH] Refer the user to freeipa.org when something goes wrong in
|
|
|
e3ffab |
ipa-cacert-manage
|
|
|
e3ffab |
|
|
|
e3ffab |
https://fedorahosted.org/freeipa/ticket/4781
|
|
|
e3ffab |
|
|
|
e3ffab |
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
|
|
e3ffab |
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
|
|
e3ffab |
---
|
|
|
e3ffab |
ipaserver/install/ipa_cacert_manage.py | 23 ++++++++++++++++++-----
|
|
|
e3ffab |
1 file changed, 18 insertions(+), 5 deletions(-)
|
|
|
e3ffab |
|
|
|
e3ffab |
diff --git a/ipaserver/install/ipa_cacert_manage.py b/ipaserver/install/ipa_cacert_manage.py
|
|
|
e3ffab |
index 8fda6a263454e8a4046baa1da069cdcddeb177a9..e074601692207253671ad4be6bca35458793625e 100644
|
|
|
e3ffab |
--- a/ipaserver/install/ipa_cacert_manage.py
|
|
|
e3ffab |
+++ b/ipaserver/install/ipa_cacert_manage.py
|
|
|
e3ffab |
@@ -221,12 +221,21 @@ class CACertManage(admintool.AdminTool):
|
|
|
e3ffab |
nss_cert = x509.load_certificate_from_file(cert_file.name)
|
|
|
e3ffab |
cert = nss_cert.der_data
|
|
|
e3ffab |
if nss_cert.subject != subject:
|
|
|
e3ffab |
- raise admintool.ScriptError("Subject name mismatch")
|
|
|
e3ffab |
+ raise admintool.ScriptError(
|
|
|
e3ffab |
+ "Subject name mismatch (visit "
|
|
|
e3ffab |
+ "http://www.freeipa.org/page/Troubleshooting for "
|
|
|
e3ffab |
+ "troubleshooting guide)")
|
|
|
e3ffab |
if x509.get_der_subject(cert, x509.DER) != der_subject:
|
|
|
e3ffab |
- raise admintool.ScriptError("Subject name encoding mismatch")
|
|
|
e3ffab |
+ raise admintool.ScriptError(
|
|
|
e3ffab |
+ "Subject name encoding mismatch (visit "
|
|
|
e3ffab |
+ "http://www.freeipa.org/page/Troubleshooting for "
|
|
|
e3ffab |
+ "troubleshooting guide)")
|
|
|
e3ffab |
#pylint: disable=E1101
|
|
|
e3ffab |
if nss_cert.subject_public_key_info.format() != pkinfo:
|
|
|
e3ffab |
- raise admintool.ScriptError("Subject public key info mismatch")
|
|
|
e3ffab |
+ raise admintool.ScriptError(
|
|
|
e3ffab |
+ "Subject public key info mismatch (visit "
|
|
|
e3ffab |
+ "http://www.freeipa.org/page/Troubleshooting for "
|
|
|
e3ffab |
+ "troubleshooting guide)")
|
|
|
e3ffab |
#pylint: enable=E1101
|
|
|
e3ffab |
finally:
|
|
|
e3ffab |
del nss_cert
|
|
|
e3ffab |
@@ -253,7 +262,9 @@ class CACertManage(admintool.AdminTool):
|
|
|
e3ffab |
tmpdb.verify_ca_cert_validity('IPA CA')
|
|
|
e3ffab |
except ValueError, e:
|
|
|
e3ffab |
raise admintool.ScriptError(
|
|
|
e3ffab |
- "Not a valid CA certificate: %s" % e)
|
|
|
e3ffab |
+ "Not a valid CA certificate: %s (visit "
|
|
|
e3ffab |
+ "http://www.freeipa.org/page/Troubleshooting for "
|
|
|
e3ffab |
+ "troubleshooting guide)" % e)
|
|
|
e3ffab |
|
|
|
e3ffab |
trust_chain = tmpdb.get_trust_chain('IPA CA')[:-1]
|
|
|
e3ffab |
for nickname in trust_chain:
|
|
|
e3ffab |
@@ -340,7 +351,9 @@ class CACertManage(admintool.AdminTool):
|
|
|
e3ffab |
tmpdb.verify_ca_cert_validity(nickname)
|
|
|
e3ffab |
except ValueError, e:
|
|
|
e3ffab |
raise admintool.ScriptError(
|
|
|
e3ffab |
- "Not a valid CA certificate: %s" % e)
|
|
|
e3ffab |
+ "Not a valid CA certificate: %s (visit "
|
|
|
e3ffab |
+ "http://www.freeipa.org/page/Troubleshooting for "
|
|
|
e3ffab |
+ "troubleshooting guide)" % e)
|
|
|
e3ffab |
|
|
|
e3ffab |
trust_flags = options.trust_flags
|
|
|
e3ffab |
if ((set(trust_flags) - set(',CPTcgpuw')) or
|
|
|
e3ffab |
--
|
|
|
e3ffab |
2.1.0
|
|
|
e3ffab |
|