summaryrefslogtreecommitdiffstats
path: root/ipaserver/install/dsinstance.py
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2011-06-08 10:54:41 -0400
committerRob Crittenden <rcritten@redhat.com>2011-06-21 19:09:50 -0400
commitdd69c7dbe68e8f8674994a54ea913f2dd2e52c32 (patch)
tree5fdc303354eb26a1d2cd206c81babdc73e8d51b9 /ipaserver/install/dsinstance.py
parent3a36eced53e540fe8f2b23eadf7dffda080324de (diff)
downloadfreeipa-dd69c7dbe68e8f8674994a54ea913f2dd2e52c32.zip
freeipa-dd69c7dbe68e8f8674994a54ea913f2dd2e52c32.tar.gz
freeipa-dd69c7dbe68e8f8674994a54ea913f2dd2e52c32.tar.xz
Make data type of certificates more obvious/predictable internally.
For the most part certificates will be treated as being in DER format. When we load a certificate we will generally accept it in any format but will convert it to DER before proceeding in normalize_certificate(). This also re-arranges a bit of code to pull some certificate-specific functions out of ipalib/plugins/service.py into ipalib/x509.py. This also tries to use variable names to indicate what format the certificate is in at any given point: dercert: DER cert: PEM nsscert: a python-nss Certificate object rawcert: unknown format ticket 32
Diffstat (limited to 'ipaserver/install/dsinstance.py')
-rw-r--r--ipaserver/install/dsinstance.py4
1 files changed, 2 insertions, 2 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 845e1e2..574a5af 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -379,7 +379,7 @@ class DsInstance(service.Service):
logging.debug("completed creating ds instance")
except ipautil.CalledProcessError, e:
logging.critical("failed to restart ds instance %s" % e)
-
+
# check for open port 389 from now on
self.open_ports.append(389)
@@ -517,7 +517,7 @@ class DsInstance(service.Service):
# We only handle one server cert
nickname = server_certs[0][0]
- self.dercert = dsdb.get_cert_from_db(nickname)
+ self.dercert = dsdb.get_cert_from_db(nickname, pem=False)
dsdb.track_server_cert(nickname, self.principal, dsdb.passwd_fname)
else:
nickname = "Server-Cert"