diff options
author | Jan Cholasta <jcholast@redhat.com> | 2014-06-12 17:20:19 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-07-30 16:04:21 +0200 |
commit | 55d3bab57b83a32e8c0976902deea80236f387e7 (patch) | |
tree | 7ba6e59743fb8d38f2429eba30b45a320a68a344 /ipaplatform/base | |
parent | 24932b2d91d3a32bc881d076562f9fe483a3d44e (diff) | |
download | freeipa-55d3bab57b83a32e8c0976902deea80236f387e7.tar.gz freeipa-55d3bab57b83a32e8c0976902deea80236f387e7.tar.xz freeipa-55d3bab57b83a32e8c0976902deea80236f387e7.zip |
Get CA certs for system-wide store from cert store in ipa-client-install.
All of the certificates and associated key policy are now stored in
/etc/pki/ca-trust/source/ipa.p11-kit.
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'ipaplatform/base')
-rw-r--r-- | ipaplatform/base/paths.py | 2 | ||||
-rw-r--r-- | ipaplatform/base/tasks.py | 10 |
2 files changed, 6 insertions, 6 deletions
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index e32a4475f..2ab06e27a 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -80,7 +80,7 @@ class BasePathNamespace(object): PAM_LDAP_CONF = "/etc/pam_ldap.conf" PASSWD = "/etc/passwd" ETC_PKI_CA_DIR = "/etc/pki-ca" - SYSTEMWIDE_CA_STORE = "/etc/pki/ca-trust/source/anchors/" + IPA_P11_KIT = "/etc/pki/ca-trust/source/ipa.p11-kit" NSS_DB_DIR = "/etc/pki/nssdb" NSSDB_CERT8_DB = "/etc/pki/nssdb/cert8.db" NSSDB_KEY3_DB = "/etc/pki/nssdb/key3.db" diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py index 67c20f31d..a4ef0ded0 100644 --- a/ipaplatform/base/tasks.py +++ b/ipaplatform/base/tasks.py @@ -49,9 +49,9 @@ class BaseTaskNamespace(object): return - def insert_ca_cert_into_systemwide_ca_store(self, path): + def insert_ca_certs_into_systemwide_ca_store(self, ca_certs): """ - Adds the CA certificate located at 'path' to the systemwide CA store + Adds CA certificates from 'ca_certs' to the systemwide CA store (if available on the platform). Returns True if the operation succeeded, False otherwise. @@ -59,10 +59,10 @@ class BaseTaskNamespace(object): return True - def remove_ca_cert_from_systemwide_ca_store(self, path): + def remove_ca_certs_from_systemwide_ca_store(self): """ - Removes the CA certificate located at 'path' from the systemwide CA - store (if available on the platform). + Removes IPA CA certificates from the systemwide CA store + (if available on the platform). Returns True if the operation succeeded, False otherwise. """ |