From e736e75ce9724ae8298a5b69d093313cd6e62b60 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Wed, 27 Mar 2013 14:25:18 +0100 Subject: Drop --selfsign server functionality Design: http://freeipa.org/page/V3/Drop_selfsign_functionality Ticket: https://fedorahosted.org/freeipa/ticket/3494 --- ipalib/x509.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'ipalib/x509.py') diff --git a/ipalib/x509.py b/ipalib/x509.py index 4f81fb59a..dc5418e1a 100644 --- a/ipalib/x509.py +++ b/ipalib/x509.py @@ -61,10 +61,9 @@ def subject_base(): return _subject_base def valid_issuer(issuer): + # Handle all supported forms of issuer -- currently dogtag only. if api.env.ra_plugin == 'dogtag': return DN(issuer) == DN(('CN', 'Certificate Authority'), subject_base()) - else: - return DN(issuer) == DN(('CN', '%s Certificate Authority' % api.env.realm)) def strip_header(pem): """ @@ -238,7 +237,6 @@ def verify_cert_subject(ldap, hostname, dercert): issuer = str(nsscert.issuer) del(nsscert) - # Handle both supported forms of issuer, from selfsign and dogtag. if (not valid_issuer(issuer)): raise errors.CertificateOperationError(error=_('Issuer "%(issuer)s" does not match the expected issuer') % \ {'issuer' : issuer}) -- cgit
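Review bot: With the `else` branch removed in the first hunk, `valid_issuer` falls off the end and returns `None` whenever `api.env.ra_plugin` is not `'dogtag'`. The caller visible in the second hunk, `verify_cert_subject`, tests `not valid_issuer(issuer)`, so the check still fails closed, but only through an implicit falsy return. I would end the function with an explicit `return False` preceded by a comment such as `# Unknown RA plugin: no issuer is accepted.`, so that rejecting by default is clearly deliberate and is not lost in a later edit. In that case the error raised in `verify_cert_subject` will say the issuer does not match the expected issuer, which may mislead when the real cause is an unsupported `ra_plugin` value.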