Tree - rpms/ipa - CentOS Git server

rpms / ipa

Blame SOURCES/0223-Backport-PR-988-to-ipa-4-5-Fix-Certificate-renewal-w.patch

Blob History Raw

		483b06	`From 21b0fdb48179e6060eff0ecb11ce6522983ccc00 Mon Sep 17 00:00:00 2001`
		483b06	`From: Florence Blanc-Renaud <flo@redhat.com>`
		483b06	`Date: Fri, 18 Aug 2017 18:02:57 +0200`
		483b06	`Subject: [PATCH] Backport PR 988 to ipa-4-5 Fix Certificate renewal (with ext`
		483b06	`ca)`
		483b06
		483b06	`Fix certificate renewal scripts that use IPACertificate object:`
		483b06	`- renew_ca_cert adds the C flag to the trust flags and needs to`
		483b06	`be adapted to IPACertificate object`
		483b06	`- ipa-cacert-manage: fix python3 encoding issue`
		483b06
		483b06	`https://pagure.io/freeipa/issue/7106`
		483b06
		483b06	`Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>`
		483b06	`Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>`
		483b06	`---`
		483b06	`install/restart_scripts/renew_ca_cert \| 7 ++++++-`
		483b06	`ipaserver/install/ipa_cacert_manage.py \| 2 +-`
		483b06	`2 files changed, 7 insertions(+), 2 deletions(-)`
		483b06
		483b06	`diff --git a/install/restart_scripts/renew_ca_cert b/install/restart_scripts/renew_ca_cert`
		483b06	`index bb31defc0e2bdca044e68ae067f42fb3bd41a57f..3bbf003bad47a189fd26df19e6ab137fcbb67ed0 100644`
		483b06	`--- a/install/restart_scripts/renew_ca_cert`
		483b06	`+++ b/install/restart_scripts/renew_ca_cert`
		483b06	`@@ -35,6 +35,7 @@ from ipaserver.install import certs, cainstance, installutils`
		483b06	`from ipaserver.plugins.ldap2 import ldap2`
		483b06	`from ipaplatform import services`
		483b06	`from ipaplatform.paths import paths`
		483b06	`+from ipapython.certdb import TrustFlags`
		483b06
		483b06
		483b06	`def _main():`
		483b06	`@@ -180,7 +181,11 @@ def _main():`
		483b06	`# Pass Dogtag's self-tests`
		483b06	`for ca_nick in db.find_root_cert(nickname)[-2:-1]:`
		483b06	`ca_flags = dict(cc[1:] for cc in ca_certs)[ca_nick]`
		483b06	`- db.trust_root_cert(ca_nick, 'C' + ca_flags)`
		483b06	`+ usages = ca_flags.usages or set()`
		483b06	`+ ca_flags_modified = TrustFlags(ca_flags.has_key,`
		483b06	`+ True, True,`
		483b06	`+ usages \| {x509.EKU_SERVER_AUTH})`
		483b06	`+ db.trust_root_cert(ca_nick, ca_flags_modified)`
		483b06	`finally:`
		483b06	`if conn is not None and conn.isconnected():`
		483b06	`conn.disconnect()`
		483b06	`diff --git a/ipaserver/install/ipa_cacert_manage.py b/ipaserver/install/ipa_cacert_manage.py`
		483b06	`index e88e8b63ae94759ac835f3b3b31b0735d68a67b0..fcbf09155a3abc9ce9481aa2519ed39aaa6aa9bb 100644`
		483b06	`--- a/ipaserver/install/ipa_cacert_manage.py`
		483b06	`+++ b/ipaserver/install/ipa_cacert_manage.py`
		483b06	`@@ -218,7 +218,7 @@ class CACertManage(admintool.AdminTool):`
		483b06	`cert_file, ca_file = installutils.load_external_cert(`
		483b06	`options.external_cert_files, DN(old_cert_obj.subject))`
		483b06
		483b06	`- with open(cert_file.name) as f:`
		483b06	`+ with open(cert_file.name, 'rb') as f:`
		483b06	`new_cert_data = f.read()`
		483b06	`new_cert_der = x509.normalize_certificate(new_cert_data)`
		483b06	`new_cert_obj = x509.load_certificate(new_cert_der, x509.DER)`
		483b06	`--`
		483b06	`2.13.5`

rpms / ipa

Source Code

Blame SOURCES/0223-Backport-PR-988-to-ipa-4-5-Fix-Certificate-renewal-w.patch