From 3ee73ed6d739a9d89dadd78f37388e8cfdba143b Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slaznick@redhat.com>
Date: Tue, 18 Apr 2017 17:17:48 +0200
Subject: [PATCH] ext. CA: correctly write the cert chain
The cert file would have been rewritten all over again with
any of the cert in the CA cert chain without this patch.
https://pagure.io/freeipa/issue/6872
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
---
 ipaserver/install/cainstance.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
ac7d03
index ac5d9e2fc633c5ad732670245b72bee0f03268a6..e2070e39f7e162fcff6e1f8cca41218e440b5f58 100644
ac7d03
--- a/ipaserver/install/cainstance.py
ac7d03
+++ b/ipaserver/install/cainstance.py
ac7d03
@@ -783,9 +783,10 @@ class CAInstance(DogtagInstance):
ac7d03
         certlist = x509.pkcs7_to_pems(data, x509.DER)
ac7d03
 
ac7d03
         # We have all the certificates in certlist, write them to a PEM file
ac7d03
-        for cert in certlist:
ac7d03
-            with open(paths.IPA_CA_CRT, 'w') as ipaca_pem:
ac7d03
+        with open(paths.IPA_CA_CRT, 'w') as ipaca_pem:
ac7d03
+            for cert in certlist:
ac7d03
                 ipaca_pem.write(cert)
ac7d03
+                ipaca_pem.write('\n')
ac7d03
 
ac7d03
     def __request_ra_certificate(self):
ac7d03
         # create a temp file storing the pwd
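Review bot: The new `with open(paths.IPA_CA_CRT, 'w')` truncates the CA certificate file before anything is known about `certlist`, so if `x509.pkcs7_to_pems` ever returns an empty list the file is left at zero bytes, and an error part-way through the loop leaves a partial chain on disk. A guard ahead of the `with`, such as `if not certlist: raise RuntimeError("no certificates found in PKCS#7 chain")`, would keep the existing file intact in the empty case. For the partial-write case, consider writing the chain to a temporary file in the same directory and renaming it over `paths.IPA_CA_CRT`, so that consumers of this trust file never see a half-written chain. Whether an empty list is reachable depends on `pkcs7_to_pems`, which is not visible here, and the enclosing method begins above the hunk.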
-- 
2.12.2