diff options
| author | Jan Cholasta <jcholast@redhat.com> | 2013-07-03 11:00:58 +0200 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2013-07-09 14:22:57 -0400 |
| commit | ec75348354a01fd332e047085942fb4a4476b184 (patch) | |
| tree | d32f7c823f51bfcbbbf4b570c446a62e1cdc9d0a | |
| parent | 784f484cad5f823d0a56dbcaa8f71d1fef4286b9 (diff) | |
| download | freeipa-ec75348354a01fd332e047085942fb4a4476b184.tar.gz freeipa-ec75348354a01fd332e047085942fb4a4476b184.tar.xz freeipa-ec75348354a01fd332e047085942fb4a4476b184.zip | |
Skip cert issuer validation in service and host commands in CA-less install.
https://fedorahosted.org/freeipa/ticket/3736
| -rw-r--r-- | ipalib/x509.py | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/ipalib/x509.py b/ipalib/x509.py index dc5418e1a..ca6eac50f 100644 --- a/ipalib/x509.py +++ b/ipalib/x509.py @@ -61,9 +61,12 @@ def subject_base(): return _subject_base def valid_issuer(issuer): + if not api.env.enable_ra: + return True # Handle all supported forms of issuer -- currently dogtag only. if api.env.ra_plugin == 'dogtag': return DN(issuer) == DN(('CN', 'Certificate Authority'), subject_base()) + return True def strip_header(pem): """ |