author | Rob Crittenden <rcritten@redhat.com> | 2009-11-24 16:07:44 -0500 |
---|---|---|
committer | Jason Gerard DeRose <jderose@redhat.com> | 2009-11-30 18:10:09 -0700 |
commit | ab1667f3c1607a22c6df49ceba58274347bc5826 (patch) | |
tree | bc2e6102d3d9cd103d2418ad5372e164e0e7533d /ipalib/plugins/service.py | |
parent | 7c2c2d6130648fb6dd7c0e52d802cc6eff39ef95 (diff) | |
Use pyasn1-based PKCS#10 and X509v3 parsers instead of pyOpenSSL.
The pyOpenSSL PKCS#10 parser doesn't support attributes so we can't identify
requests with subject alt names.
Subject alt names are only allowed if:
- the host for the alt name exists in IPA
- if binding as host principal, the host is in the service's managedBy attribute
Diffstat (limited to 'ipalib/plugins/service.py')
-rw-r--r-- | ipalib/plugins/service.py | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index 449acbaec..c88695e42 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -23,11 +23,10 @@ Services (Identity)
 """
 import base64
-from OpenSSL import crypto
-
 from ipalib import api, errors
 from ipalib import Str, Flag, Bytes
 from ipalib.plugins.baseldap import *
+from ipalib import x509
 def get_serial(certificate):
@@ -35,8 +34,7 @@ def get_serial(certificate):
 Given a certificate, return the serial number in that cert.
 """
 try:
- x509 = crypto.load_certificate(crypto.FILETYPE_ASN1, certificate)
- serial = str(x509.get_serial_number())
+ serial = str(x509.get_serial_number(certificate))
 except crypto.Error:
 raise errors.GenericError(
 format='Unable to decode certificate in entry'
@@ -247,7 +245,7 @@ api.register(service_show)
 class service_add_host(LDAPAddMember):
 """
- Add members to service.
+ Add hosts that can manage this service.
 """
 member_attributes = ['managedby']
@@ -256,7 +254,7 @@ api.register(service_add_host)
 class service_remove_host(LDAPRemoveMember):
 """
- Remove members from service.
+ Remove hosts that can manage this service.
 """
 member_attributes = ['managedby']
|
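Review bot: `except crypto.Error:` in get_serial is left in place although the first hunk removes `from OpenSSL import crypto`, so unless `crypto` still arrives through `from ipalib.plugins.baseldap import *`, a certificate that fails to parse raises NameError when the except clause is evaluated instead of the intended GenericError. Even if the name resolves, the pyasn1-based `x509.get_serial_number(certificate)` presumably does not raise an OpenSSL error, so malformed certificate data stored in an entry would escape as an unhandled exception rather than the clean 'Unable to decode certificate in entry' error. Catch what the new parser actually raises, e.g. `from pyasn1.error import PyAsn1Error` with `except PyAsn1Error:`, after confirming against ipalib/x509.py, which is not shown here. The body of get_serial continues past the end of the hunk.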