pgreco / rpms / ipa

Forked from forks/areguera/rpms/ipa 4 years ago
Clone
Source Code
GIT

Blame SOURCES/0124-client-install-Do-not-crash-on-invalid-CA-certificat.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-DL1 c8-beta-stream-client c8-stream-DL1 c8-stream-client
  1.   0201d8c1f8891ab8748f106290dcc981c3346232
  2.   SOURCES
  3.   0124-client-install-Do-not-crash-on-invalid-CA-certificat.patch
Blob History Raw
0201d8 
From 175dbfb667a9989593eaef2f35586d2afbfdc66c Mon Sep 17 00:00:00 2001
0201d8 
From: Jan Cholasta <jcholast@redhat.com>
0201d8 
Date: Tue, 17 Mar 2015 09:29:21 +0000
0201d8 
Subject: [PATCH] client-install: Do not crash on invalid CA certificate in
0201d8 
 LDAP
0201d8
0201d8 
When CA certificates in LDAP are corrupted, use the otherwise acquired CA
0201d8 
certificates from before.
0201d8
0201d8 
https://fedorahosted.org/freeipa/ticket/4565
0201d8
0201d8 
Reviewed-By: David Kupka <dkupka@redhat.com>
0201d8 
---
0201d8 
 ipa-client/ipa-install/ipa-client-install | 17 +++++++++++++----
0201d8 
 1 file changed, 13 insertions(+), 4 deletions(-)
0201d8
0201d8 
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
0201d8 
index 75a1711a7e1fdc9359ad02d55ad94d65af51ea93..c60124472005670834496569f550f0ffd986aa27 100755
0201d8 
--- a/ipa-client/ipa-install/ipa-client-install
0201d8 
+++ b/ipa-client/ipa-install/ipa-client-install
0201d8 
@@ -2585,14 +2585,15 @@ def install(options, env, fstore, statestore):
0201d8 
     except ValueError:
0201d8 
         pass
0201d8
0201d8 
+    ca_certs = x509.load_certificate_list_from_file(CACERT)
0201d8 
+    ca_certs = [cert.der_data for cert in ca_certs]
0201d8 
+
0201d8 
     with certdb.NSSDatabase() as tmp_db:
0201d8 
         # Add CA certs to a temporary NSS database
0201d8 
         try:
0201d8 
             pwd_file = ipautil.write_tmp_file(ipautil.ipa_generate_password())
0201d8 
             tmp_db.create_db(pwd_file.name)
0201d8
0201d8 
-            ca_certs = x509.load_certificate_list_from_file(CACERT)
0201d8 
-            ca_certs = [cert.der_data for cert in ca_certs]
0201d8 
             for i, cert in enumerate(ca_certs):
0201d8 
                 tmp_db.add_cert(cert, 'CA certificate %d' % (i + 1), 'C,,')
0201d8 
         except CalledProcessError, e:
0201d8 
@@ -2665,8 +2666,16 @@ def install(options, env, fstore, statestore):
0201d8 
         return CLIENT_INSTALL_ERROR
0201d8
0201d8 
     # Get CA certificates from the certificate store
0201d8 
-    ca_certs = get_certs_from_ldap(cli_server[0], cli_basedn, cli_realm,
0201d8 
-                                   ca_enabled)
0201d8 
+    try:
0201d8 
+        ca_certs = get_certs_from_ldap(cli_server[0], cli_basedn, cli_realm,
0201d8 
+                                       ca_enabled)
0201d8 
+    except errors.NoCertificateError:
0201d8 
+        if ca_enabled:
0201d8 
+            ca_subject = DN(('CN', 'Certificate Authority'), subject_base)
0201d8 
+        else:
0201d8 
+            ca_subject = None
0201d8 
+        ca_certs = certstore.make_compat_ca_certs(ca_certs, cli_realm,
0201d8 
+                                                  ca_subject)
0201d8 
     ca_certs_trust = [(c, n, certstore.key_policy_to_trust_flags(t, True, u))
0201d8 
                       for (c, n, t, u) in ca_certs]
0201d8
0201d8 
--
0201d8 
2.1.0
0201d8

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation