Drop --selfsign server functionality

Design: http://freeipa.org/page/V3/Drop_selfsign_functionality
Ticket: https://fedorahosted.org/freeipa/ticket/3494

1 files changed, 1 insertions, 3 deletions

diff --git a/ipalib/x509.py b/ipalib/x509.py
index 4f81fb59a..dc5418e1a 100644
--- a/ipalib/x509.py
+++ b/ipalib/x509.py
@@ -61,10 +61,9 @@ def subject_base():
     return _subject_base
 
 def valid_issuer(issuer):
+    # Handle all supported forms of issuer -- currently dogtag only.
     if api.env.ra_plugin == 'dogtag':
         return DN(issuer) == DN(('CN', 'Certificate Authority'), subject_base())
-    else:
-        return DN(issuer) == DN(('CN', '%s Certificate Authority' % api.env.realm))
 
 def strip_header(pem):
     """
@@ -238,7 +237,6 @@ def verify_cert_subject(ldap, hostname, dercert):
     issuer = str(nsscert.issuer)
     del(nsscert)
 
-    # Handle both supported forms of issuer, from selfsign and dogtag.
     if (not valid_issuer(issuer)):
         raise errors.CertificateOperationError(error=_('Issuer "%(issuer)s" does not match the expected issuer') % \
         {'issuer' : issuer})