diff options
| author | Martin Kosek <mkosek@redhat.com> | 2013-03-28 14:36:36 +0100 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2013-03-29 09:00:22 +0100 |
| commit | 57d5042d28b107bbee757e825c077c5501face02 (patch) | |
| tree | 37d1087326aad58ef069c04781c4eaaf31a156cd /ipaserver | |
| parent | d27878ce9d274c6e9d10fbdd07fde7589e50fcda (diff) | |
| download | freeipa-57d5042d28b107bbee757e825c077c5501face02.tar.gz freeipa-57d5042d28b107bbee757e825c077c5501face02.tar.xz freeipa-57d5042d28b107bbee757e825c077c5501face02.zip | |
Normalize RA agent certificate
Certificate parsed out of sslget request to pki-ca was not always
properly formatted and it may still contain DOS line ending. Make
sure that the certificate is printed with correct line ending.
Diffstat (limited to 'ipaserver')
| -rw-r--r-- | ipaserver/install/cainstance.py | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index deb9a6135..6bf22dbfc 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -1004,8 +1004,11 @@ class CAInstance(service.Service): outputList = get_outputList(data) self.ra_cert = outputList['b64_cert'] - self.ra_cert = self.ra_cert.replace('\\n','') + + # Strip certificate headers and convert it to proper line ending self.ra_cert = x509.strip_header(self.ra_cert) + self.ra_cert = "\n".join(line.strip() for line + in self.ra_cert.splitlines() if line.strip()) # Add the new RA cert to the database in /etc/httpd/alias (agent_fd, agent_name) = tempfile.mkstemp() |