diff options
Diffstat (limited to 'install/tools')
-rwxr-xr-x | install/tools/ipa-server-install | 27 |
1 files changed, 13 insertions, 14 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index d9682bbb3..16a9e3391 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -70,7 +70,7 @@ pw_name = None uninstalling = False installation_cleanup = True -VALID_SUBJECT_ATTRS = ['cn', 'st', 'o', 'ou', 'dnqualifier', 'c', +VALID_SUBJECT_ATTRS = ['st', 'o', 'ou', 'dnqualifier', 'c', 'serialnumber', 'l', 'title', 'sn', 'givenname', 'initials', 'generationqualifier', 'dc', 'mail', 'uid', 'postaladdress', 'postalcode', 'postofficebox', @@ -82,7 +82,6 @@ def subject_callback(option, opt_str, value, parser): """ Make sure the certificate subject base is a valid DN """ - name = opt_str.replace('--','') v = unicode(value, 'utf-8') if any(ord(c) < 0x20 for c in v): raise OptionValueError("Subject base must not contain control characters") @@ -92,10 +91,10 @@ def subject_callback(option, opt_str, value, parser): dn = DN(v) for rdn in dn: if rdn.attr.lower() not in VALID_SUBJECT_ATTRS: - raise OptionValueError('invalid attribute: %s' % rdn.attr) + raise OptionValueError('%s=%s has invalid attribute: "%s"' % (opt_str, value, rdn.attr)) except ValueError, e: - raise OptionValueError('Invalid subject base format: %s' % str(e)) - parser.values.subject = str(dn) # may as well normalize it + raise OptionValueError('%s=%s has invalid subject base format: %s' % (opt_str, value, e)) + parser.values.subject = dn def validate_dm_password(password): if len(password) < 8: @@ -638,9 +637,9 @@ def main(): print "'%s' is not a valid PEM-encoded certificate." % options.external_cert_file sys.exit(1) - certsubject = unicode(extcert.subject) - wantsubject = unicode(DN(('CN','Certificate Authority'), options.subject)) - if certsubject.lower() != wantsubject.lower(): + certsubject = DN(str(extcert.subject)) + wantsubject = DN(('CN','Certificate Authority'), options.subject) + if certsubject != wantsubject: print "Subject of the PKCS#10 certificate is not correct (got %s, expected %s)." % (certsubject, wantsubject) sys.exit(1) @@ -653,19 +652,19 @@ def main(): print "'%s' is not a valid PEM-encoded certificate chain." % options.external_ca_file sys.exit(1) - certdict = dict((unicode(cert.subject).lower(), cert) for cert in extchain) - certissuer = unicode(extcert.issuer) - if certissuer.lower() not in certdict: + certdict = dict((DN(str(cert.subject)), cert) for cert in extchain) + certissuer = DN(str(extcert.issuer)) + if certissuer not in certdict: print "The PKCS#10 certificate is not signed by the external CA (unknown issuer %s)." % certissuer sys.exit(1) cert = extcert while cert.issuer != cert.subject: - certissuer = unicode(cert.issuer) - if certissuer.lower() not in certdict: + certissuer = DN(str(cert.issuer)) + if certissuer not in certdict: print "The external CA chain is incomplete (%s is missing from the chain)." % certissuer sys.exit(1) - cert = certdict[certissuer.lower()] + cert = certdict[certissuer] print "==============================================================================" print "This program will set up the FreeIPA Server." |