rpms / pki-core

Clone
Source Code
GIT

Files

  1.   632623a3608a706bde1f0812adb6204f0951efd4
  2.   SOURCES
  3.   pki-core-pre-signed-CMC-renewal-UniqueKeyConstraint.patch
Blob Blame History Raw 
From 7f29261148fa4a27824cb2006c515d376288ec64 Mon Sep 17 00:00:00 2001
From: Christina Fu <cfu@redhat.com>
Date: Tue, 20 Jun 2017 15:04:12 -0700
Subject: [PATCH] Ticket #2618 UniqueKeyConstraint fix on subjectDN comparison

(cherry picked from commit 2d69d9332eea7ddc5205dc9e44d15452be4be61f)
---
 .../com/netscape/cms/profile/constraint/UniqueKeyConstraint.java    | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/base/server/cms/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java b/base/server/cms/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java
index 030995a..2614576 100644
--- a/base/server/cms/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java
+++ b/base/server/cms/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java
@@ -240,11 +240,7 @@ public class UniqueKeyConstraint extends EnrollConstraint {
                             }
                             // only VALID or EXPIRED certs could have reached here
                             X509CertImpl origCert = rec.getCertificate();
-                            String certDN =
-                                    origCert.getSubjectDN().toString();
-                            CMS.debug(method + " cert retrieved from ldap has subject DN =" + certDN);
-
-                            sjname_in_db = new X500Name(certDN);
+                            sjname_in_db = (X500Name) origCert.getSubjectDN();
 
                             if (sjname_in_db.equals(sjname_in_req) == false) {
                                 msg = msg + "subject name not match in same key renewal;";
-- 
1.8.3.1

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation