|
 |
e3ffab |
From 6c7f71caf333363f8b4c18b3229de1533c1ad6fc Mon Sep 17 00:00:00 2001
|
|
|
e3ffab |
From: Jan Cholasta <jcholast@redhat.com>
|
|
|
e3ffab |
Date: Tue, 18 Nov 2014 14:01:59 +0000
|
|
|
e3ffab |
Subject: [PATCH] Fix wrong expiration date on renewed IPA CA certificates
|
|
|
e3ffab |
|
|
|
e3ffab |
The expiration date was always set to the expiration date of the original
|
|
|
e3ffab |
certificate.
|
|
|
e3ffab |
|
|
|
e3ffab |
https://fedorahosted.org/freeipa/ticket/4717
|
|
|
e3ffab |
|
|
|
e3ffab |
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
e3ffab |
---
|
|
|
e3ffab |
freeipa.spec.in | 4 ++--
|
|
|
e3ffab |
install/certmonger/dogtag-ipa-ca-renew-agent-submit | 2 ++
|
|
|
e3ffab |
2 files changed, 4 insertions(+), 2 deletions(-)
|
|
|
e3ffab |
|
|
|
e3ffab |
diff --git a/freeipa.spec.in b/freeipa.spec.in
|
|
|
e3ffab |
index be13e69255e7612f84aeca22105645b544cc50b5..e29f77de0db89035d15008c6be2da0ae7e96158a 100644
|
|
|
e3ffab |
--- a/freeipa.spec.in
|
|
|
e3ffab |
+++ b/freeipa.spec.in
|
|
|
e3ffab |
@@ -140,7 +140,7 @@ Requires: python-dns >= 1.11.1
|
|
|
e3ffab |
Requires: zip
|
|
|
e3ffab |
Requires: policycoreutils >= 2.1.12-5
|
|
|
e3ffab |
Requires: tar
|
|
|
e3ffab |
-Requires(pre): certmonger >= 0.75.13
|
|
|
e3ffab |
+Requires(pre): certmonger >= 0.76.8
|
|
|
e3ffab |
Requires(pre): 389-ds-base >= 1.3.3.5
|
|
|
e3ffab |
Requires: fontawesome-fonts
|
|
|
e3ffab |
Requires: open-sans-fonts
|
|
|
e3ffab |
@@ -221,7 +221,7 @@ Requires: wget
|
|
|
e3ffab |
Requires: libcurl >= 7.21.7-2
|
|
|
e3ffab |
Requires: xmlrpc-c >= 1.27.4
|
|
|
e3ffab |
Requires: sssd >= 1.12.2
|
|
|
e3ffab |
-Requires: certmonger >= 0.75.6
|
|
|
e3ffab |
+Requires: certmonger >= 0.76.8
|
|
|
e3ffab |
Requires: nss-tools
|
|
|
e3ffab |
Requires: bind-utils
|
|
|
e3ffab |
Requires: oddjob-mkhomedir
|
|
|
e3ffab |
diff --git a/install/certmonger/dogtag-ipa-ca-renew-agent-submit b/install/certmonger/dogtag-ipa-ca-renew-agent-submit
|
|
|
e3ffab |
index e5ad9639b03b95e6e265214067a985f6c3ca0b2a..0a2cff148810e4800c02121afc68911c221d34d7 100755
|
|
|
e3ffab |
--- a/install/certmonger/dogtag-ipa-ca-renew-agent-submit
|
|
|
e3ffab |
+++ b/install/certmonger/dogtag-ipa-ca-renew-agent-submit
|
|
|
e3ffab |
@@ -146,6 +146,8 @@ def request_cert():
|
|
|
e3ffab |
|
|
|
e3ffab |
path = paths.DOGTAG_IPA_RENEW_AGENT_SUBMIT
|
|
|
e3ffab |
args = [path] + sys.argv[1:]
|
|
|
e3ffab |
+ if os.environ.get('CERTMONGER_CA_PROFILE') == 'caCACert':
|
|
|
e3ffab |
+ args += ['-O', 'bypassCAnotafter=true']
|
|
|
e3ffab |
stdout, stderr, rc = ipautil.run(args, raiseonerr=False, env=os.environ)
|
|
|
e3ffab |
sys.stderr.write(stderr)
|
|
|
e3ffab |
sys.stderr.flush()
|
|
|
e3ffab |
--
|
|
|
e3ffab |
2.1.0
|
|
|
e3ffab |
|