summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Cholasta <jcholast@redhat.com>2013-07-03 11:00:58 +0200
committerRob Crittenden <rcritten@redhat.com>2013-07-09 14:22:57 -0400
commitec75348354a01fd332e047085942fb4a4476b184 (patch)
treed32f7c823f51bfcbbbf4b570c446a62e1cdc9d0a
parent784f484cad5f823d0a56dbcaa8f71d1fef4286b9 (diff)
downloadfreeipa-ec75348354a01fd332e047085942fb4a4476b184.zip
freeipa-ec75348354a01fd332e047085942fb4a4476b184.tar.gz
freeipa-ec75348354a01fd332e047085942fb4a4476b184.tar.xz
Skip cert issuer validation in service and host commands in CA-less install.
https://fedorahosted.org/freeipa/ticket/3736
-rw-r--r--ipalib/x509.py3
1 files changed, 3 insertions, 0 deletions
diff --git a/ipalib/x509.py b/ipalib/x509.py
index dc5418e..ca6eac5 100644
--- a/ipalib/x509.py
+++ b/ipalib/x509.py
@@ -61,9 +61,12 @@ def subject_base():
return _subject_base
def valid_issuer(issuer):
+ if not api.env.enable_ra:
+ return True
# Handle all supported forms of issuer -- currently dogtag only.
if api.env.ra_plugin == 'dogtag':
return DN(issuer) == DN(('CN', 'Certificate Authority'), subject_base())
+ return True
def strip_header(pem):
"""