From 987bf3fbf097425935a91730f725f02107116f27 Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Thu, 3 Jul 2014 15:29:44 +0200
Subject: Allow multiple CA certificates in replica info files.
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520
Reviewed-By: Rob Crittenden
---
 ipaserver/install/certs.py | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
(limited to 'ipaserver')
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 02f079e63..815f3bf31 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -868,7 +868,21 @@ class CertDB(object):
 raise RuntimeError("Could not find a suitable server cert in import in %s" % pkcs12_fname)
 if ca_file:
- self.nssdb.import_pem_cert('CA', ',,', ca_file)
+ try:
+ with open(ca_file) as fd:
+ certs = fd.read()
+ except IOError as e:
+ raise RuntimeError(
+ "Failed to open %s: %s" % (ca_file, e.strerror))
+ st = 0
+ num = 1
+ while True:
+ try:
+ cert, st = find_cert_from_txt(certs, st)
+ except RuntimeError:
+ break
+ self.add_cert(cert, 'CA %s' % num, ',,', pem=True)
+ num += 1
 # We only handle one server cert
 nickname = server_certs[0][0]
-- cgit
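Review bot: The `except RuntimeError: break` inside the new `while True:` loop treats every failure of `find_cert_from_txt` as end of input, so a `ca_file` that is empty, truncated or malformed part-way through is accepted silently and the NSS database is left with a partial or empty CA set. `find_cert_from_txt` is not defined in this hunk, so whether it can tell "no more certificates" from "bad PEM block" needs confirming. At minimum the loop should fail when nothing was imported, e.g. `if num == 1: raise RuntimeError("No CA certificate found in %s" % ca_file)` placed after the loop. The nickname also changes from `'CA'` to `'CA 1'`, `'CA 2'`, and so on, so any code that looks the certificate up by the old nickname should be checked. The enclosing method begins and ends outside the hunk.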