summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2011-07-17 12:55:54 -0400
committerRob Crittenden <rcritten@redhat.com>2011-07-17 22:26:01 -0400
commitd43ba5316a08249fa276cdc43338d85f784547f0 (patch)
tree70c41e5e40e60e4ef8ad44acb00faf3b81a22710
parenta48a84a5ead90898630a23fc0de1c978d1e0b810 (diff)
downloadfreeipa-d43ba5316a08249fa276cdc43338d85f784547f0.tar.gz
freeipa-d43ba5316a08249fa276cdc43338d85f784547f0.tar.xz
freeipa-d43ba5316a08249fa276cdc43338d85f784547f0.zip
Generate a database password by default in all cases.
If the password passed in when creating a NSS certificate database is None then a random password is generated. If it is empty ('') then an empty password is set. Because of this the HTTP instance on replicas were created with an empty password. https://fedorahosted.org/freeipa/ticket/1407
-rw-r--r--ipaserver/install/certs.py2
-rw-r--r--ipaserver/install/httpinstance.py2
2 files changed, 2 insertions, 2 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 522d3f576..1bbcbabe6 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -914,7 +914,7 @@ class CertDB(object):
self.export_ca_cert(self.cacert_name, True)
self.create_pin_file()
- def create_from_cacert(self, cacert_fname, passwd=""):
+ def create_from_cacert(self, cacert_fname, passwd=None):
if ipautil.file_exists(self.certdb_fname):
# We already have a cert db, see if it is for the same CA.
# If it is we leave things as they are.
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 26fde51f9..d2eb27c96 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -177,7 +177,7 @@ class HTTPInstance(service.Service):
db = certs.CertDB(self.realm, subject_base=self.subject_base)
if self.pkcs12_info:
- db.create_from_pkcs12(self.pkcs12_info[0], self.pkcs12_info[1], passwd="")
+ db.create_from_pkcs12(self.pkcs12_info[0], self.pkcs12_info[1], passwd=None)
server_certs = db.find_server_certs()
if len(server_certs) == 0:
raise RuntimeError("Could not find a suitable server cert in import in %s" % self.pkcs12_info[0])