summaryrefslogtreecommitdiffstats
path: root/install/tools/ipa-upgradeconfig
diff options
context:
space:
mode:
authorJan Cholasta <jcholast@redhat.com>2013-12-05 14:34:14 +0100
committerMartin Kosek <mkosek@redhat.com>2014-06-24 12:10:01 +0200
commite675e427c713e41a5384d329bf453a998a70bb13 (patch)
tree87777bc5c1bade858d4956382cded2285e00e6ec /install/tools/ipa-upgradeconfig
parent61eeea9e69483d5afbdefebcf068dac06749313f (diff)
downloadfreeipa-e675e427c713e41a5384d329bf453a998a70bb13.tar.gz
freeipa-e675e427c713e41a5384d329bf453a998a70bb13.tar.xz
freeipa-e675e427c713e41a5384d329bf453a998a70bb13.zip
Allow SAN in IPA certificate profile.
https://fedorahosted.org/freeipa/ticket/3977 Reviewed-By: Martin Kosek <mkosek@redhat.com>
Diffstat (limited to 'install/tools/ipa-upgradeconfig')
-rw-r--r--install/tools/ipa-upgradeconfig7
1 files changed, 6 insertions, 1 deletions
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 99dfbdf9d..688e17872 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -330,9 +330,14 @@ def upgrade_ipa_profile(ca, domain, fqdn):
root_logger.debug('Subject Key Identifier updated.')
else:
root_logger.debug('Subject Key Identifier already set.')
+ san = ca.enable_subject_alternative_name()
+ if san:
+ root_logger.debug('Subject Alternative Name updated.')
+ else:
+ root_logger.debug('Subject Alternative Name already set.')
audit = ca.set_audit_renewal()
uri = ca.set_crl_ocsp_extensions(domain, fqdn)
- if audit or ski or uri:
+ if audit or ski or san or uri:
return True
else:
root_logger.info('CA is not configured')
generated by cgit (git 2.34.1) at 2024-05-21 10:11:05 +0000