diff options
author | Jan Cholasta <jcholast@redhat.com> | 2013-12-05 14:34:14 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-06-24 12:10:01 +0200 |
commit | e675e427c713e41a5384d329bf453a998a70bb13 (patch) | |
tree | 87777bc5c1bade858d4956382cded2285e00e6ec /install/tools/ipa-upgradeconfig | |
parent | 61eeea9e69483d5afbdefebcf068dac06749313f (diff) | |
download | freeipa-e675e427c713e41a5384d329bf453a998a70bb13.tar.gz freeipa-e675e427c713e41a5384d329bf453a998a70bb13.tar.xz freeipa-e675e427c713e41a5384d329bf453a998a70bb13.zip |
Allow SAN in IPA certificate profile.
https://fedorahosted.org/freeipa/ticket/3977
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Diffstat (limited to 'install/tools/ipa-upgradeconfig')
-rw-r--r-- | install/tools/ipa-upgradeconfig | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig index 99dfbdf9d..688e17872 100644 --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig @@ -330,9 +330,14 @@ def upgrade_ipa_profile(ca, domain, fqdn): root_logger.debug('Subject Key Identifier updated.') else: root_logger.debug('Subject Key Identifier already set.') + san = ca.enable_subject_alternative_name() + if san: + root_logger.debug('Subject Alternative Name updated.') + else: + root_logger.debug('Subject Alternative Name already set.') audit = ca.set_audit_renewal() uri = ca.set_crl_ocsp_extensions(domain, fqdn) - if audit or ski or uri: + if audit or ski or san or uri: return True else: root_logger.info('CA is not configured') |