pgreco / rpms / ipa

Forked from forks/areguera/rpms/ipa 4 years ago

Blame SOURCES/0152-certs-do-not-export-CA-certs-in-install_pem_from_p12.patch

483b06
From b66796bcd888e0204955913e642d8e45937843dd Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Wed, 3 May 2017 06:12:36 +0000
Subject: [PATCH] certs: do not export CA certs in install_pem_from_p12
This fixes `kdc.crt` containing the full chain rather than just the KDC
certificate in CA-less server install.
https://pagure.io/freeipa/issue/6831
https://pagure.io/freeipa/issue/6869
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
---
 ipaserver/install/certs.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 06a7e2143964484fa45106ca381043eb440dc5b1..02c479d92511fcf4043e7d6798c85cf8256c3299 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -64,7 +64,7 @@ def get_cert_nickname(cert):
 
 def install_pem_from_p12(p12_fname, p12_passwd, pem_fname):
     pwd = ipautil.write_tmp_file(p12_passwd)
-    ipautil.run([paths.OPENSSL, "pkcs12", "-nokeys",
+    ipautil.run([paths.OPENSSL, "pkcs12", "-nokeys", "-clcerts",
                  "-in", p12_fname, "-out", pem_fname,
                  "-passin", "file:" + pwd.name])
 
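Review bot: install_pem_from_p12 has no docstring, and nothing at the `-clcerts` line records that pem_fname now receives only the end-entity certificate and no CA certificates, so a caller that expected the chain in the output has nothing telling it the contract changed; a one-line docstring under the def would cover that. Separately, nothing after the ipautil.run call checks that pem_fname ends up holding exactly one certificate. A PKCS#12 file that carries more than one key and certificate pair would still yield several certificates with `-clcerts`, so if kdc.crt must be a single certificate, counting the certificates in the output and failing on anything other than one is worth adding here.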
-- 
2.9.4