From 5f1100e83146e898dca431d6cdaf62ab986e599d Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <flo@redhat.com>
Date: Wed, 9 Jun 2021 17:39:56 +0200
Subject: [PATCH] CA less installation: non ASCII chars in CA subject
In CA-less installation, ipa-server-install fails when the CA
certificate contains a subject with non ASCII characters.
ipa-server-install is internally calling ipautil.run(...)
to launch a certutil -n nickname command, and the nickname is
provided as a unicode instead of a string.
The fix makes sure the nickname is provided as a utf-8
encoded string.
Fixes: https://pagure.io/freeipa/issue/8879
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
---
ipalib/install/certstore.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ipalib/install/certstore.py b/ipalib/install/certstore.py
index 8b182958c26e066eaeca859f451073c83e82bd67..4d406c0ce34cb1bdd39dcbac70eae4f6b0895cb5 100644
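--- a/ipalib/install/certstore.py
+++ b/ipalib/install/certstore.py
@@ -294,7 +294,7 @@ def get_ca_certs(ldap, base_dn, compat_realm, compat_ipa_ca,
 'cACertificate;binary'])
 
 for entry in result:
- nickname = entry.single_value['cn']
+ nickname = entry.single_value['cn'].encode('utf-8')
 trusted = entry.single_value.get('ipaKeyTrust', 'unknown').lower()
 if trusted == 'trusted':
 trusted = True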
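Review bot: The `.encode('utf-8')` on the `nickname` line is unconditional, so `nickname` becomes a byte string on every interpreter. That fits the unicode-versus-string failure the commit message describes, but under Python 3 it would yield `bytes`, and any later code that compares or formats the nickname as text (not visible in this hunk) could stop matching. Because the value comes from the LDAP `cn` attribute and is used as the `certutil -n` nickname of a CA certificate, such a mismatch could change which certificate receives its trust settings. If this file has to run on both interpreters, consider guarding the conversion, e.g. `if six.PY2: nickname = nickname.encode('utf-8')` (assuming `six` is already imported in this module), or encoding once at the `ipautil.run` boundary. The body of `get_ca_certs` starts before and continues after this hunk, and no test for a non-ASCII subject is part of the patch.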
--
2.26.3