From ec75348354a01fd332e047085942fb4a4476b184 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Wed, 3 Jul 2013 11:00:58 +0200
Subject: Skip cert issuer validation in service and host commands in CA-less
 install.

https://fedorahosted.org/freeipa/ticket/3736
---
 ipalib/x509.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ipalib/x509.py b/ipalib/x509.py
index dc5418e1a..ca6eac50f 100644
--- a/ipalib/x509.py
+++ b/ipalib/x509.py
@@ -61,9 +61,12 @@ def subject_base():
     return _subject_base
 
 def valid_issuer(issuer):
+    if not api.env.enable_ra:
+        return True
     # Handle all supported forms of issuer -- currently dogtag only.
     if api.env.ra_plugin == 'dogtag':
         return DN(issuer) == DN(('CN', 'Certificate Authority'), subject_base())
+    return True
 
 def strip_header(pem):
     """
-- 
cgit