author | Jan Cholasta <jcholast@redhat.com> | 2014-07-03 15:29:44 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-07-30 16:04:21 +0200 |
commit | 987bf3fbf097425935a91730f725f02107116f27 (patch) | |
tree | cdc4ba73d39955adc140fe4aa567b46603114ef4 /ipaserver | |
parent | f1e186d7d879098b37ba6c3f6ea257942381d4c1 (diff) | |
Allow multiple CA certificates in replica info files.
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/certs.py | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 02f079e63..815f3bf31 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -868,7 +868,21 @@ class CertDB(object):
 raise RuntimeError("Could not find a suitable server cert in import in %s" % pkcs12_fname)
 if ca_file:
- self.nssdb.import_pem_cert('CA', ',,', ca_file)
+ try:
+ with open(ca_file) as fd:
+ certs = fd.read()
+ except IOError as e:
+ raise RuntimeError(
+ "Failed to open %s: %s" % (ca_file, e.strerror))
+ st = 0
+ num = 1
+ while True:
+ try:
+ cert, st = find_cert_from_txt(certs, st)
+ except RuntimeError:
+ break
+ self.add_cert(cert, 'CA %s' % num, ',,', pem=True)
+ num += 1
 # We only handle one server cert
 nickname = server_certs[0][0] |
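Review bot: The `except RuntimeError: break` around `find_cert_from_txt` treats every failure as end-of-input, so a `ca_file` that is empty, truncated, or contains no certificate block is accepted with zero CA certificates imported and no error raised. This file presumably supplies the CA chain the replica will rely on, so the import should fail closed after the loop, e.g. `if num == 1: raise RuntimeError("No CA certificate found in %s" % ca_file)`. Whether `find_cert_from_txt` can tell "no further block" apart from a malformed block is not visible in this hunk; if it can, only the former should end the loop. The enclosing method starts and ends outside the hunk, so any later check on the imported CA nicknames could not be confirmed here.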