diff options
author | David Kupka <dkupka@redhat.com> | 2014-10-14 03:40:43 -0400 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-10-14 10:55:29 +0200 |
commit | c8f7cb0163c766aa46a3435dfc9984bf8761f27d (patch) | |
tree | 40a99832e6da331ffc96b0246268d22aec99b6db /ipapython/certmonger.py | |
parent | 4cdeacdedfe344e570da99548043a07a6fa24dbe (diff) | |
download | freeipa-c8f7cb0163c766aa46a3435dfc9984bf8761f27d.tar.gz freeipa-c8f7cb0163c766aa46a3435dfc9984bf8761f27d.tar.xz freeipa-c8f7cb0163c766aa46a3435dfc9984bf8761f27d.zip |
Set IPA CA for freeipa certificates.
In previous versions (before moving certmonger.py to DBus) it was set and some
tools and modules depends on it. For example: ipa-getcert uses this to filter
freeipa certificates.
https://fedorahosted.org/freeipa/ticket/4618
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipapython/certmonger.py')
-rw-r--r-- | ipapython/certmonger.py | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/ipapython/certmonger.py b/ipapython/certmonger.py index bcfafdaf4..ca8b37392 100644 --- a/ipapython/certmonger.py +++ b/ipapython/certmonger.py @@ -278,7 +278,7 @@ def start_tracking(nickname, secdir, password_file=None, command=None): certmonger to run when it renews a certificate. This command must reside in /usr/lib/ipa/certmonger to work with SELinux. - Returns True or False + Returns certificate nickname. """ cm = _connect_to_certmonger() params = {'TRACK': True} @@ -288,6 +288,10 @@ def start_tracking(nickname, secdir, password_file=None, command=None): params['key-nickname'] = nickname params['key-database'] = os.path.abspath(secdir) params['key-storage'] = 'NSSDB' + ca_path = cm.obj_if.find_ca_by_nickname('IPA') + if not ca_path: + raise RuntimeError('IPA CA not found') + params['ca'] = ca_path if command: params['cert-postsave-command'] = command if password_file: |