From 9d4eeeda55b397237af17392f3acb9542e126145 Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Thu, 12 Jun 2014 18:06:43 +0200
Subject: Allow specifying trust flags in NSSDatabase and CertDB method trust_root_cert.
Reviewed-By: Rob Crittenden
---
ipaserver/install/certs.py | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
(limited to 'ipaserver')
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index e201c2529..c9f038f56 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -196,15 +196,17 @@ class NSSDatabase(object):
 raise RuntimeError("unknown error import pkcs#12 file %s" % pkcs12_filename)
- def trust_root_cert(self, root_nickname):
+ def trust_root_cert(self, root_nickname, trust_flags=None):
 if root_nickname[:7] == "Builtin":
 root_logger.debug( "No need to add trust for built-in root CAs, skipping %s" % root_nickname)
 else:
+ if trust_flags is None:
+ trust_flags = 'CT,CT,'
 try:
 self.run_certutil(["-M", "-n", root_nickname,
- "-t", "CT,CT,"])
+ "-t", trust_flags])
 except ipautil.CalledProcessError, e:
 raise RuntimeError( "Setting trust on %s failed" % root_nickname)
@@ -782,13 +784,13 @@ class CertDB(object):
 return root_nicknames
- def trust_root_cert(self, root_nickname):
+ def trust_root_cert(self, root_nickname, trust_flags=None):
 if root_nickname is None:
 root_logger.debug("Unable to identify root certificate to trust. Continuing but things are likely to fail.")
 return
 try:
- self.nssdb.trust_root_cert(root_nickname)
+ self.nssdb.trust_root_cert(root_nickname, trust_flags)
 except RuntimeError:
 pass
-- cgit
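Review bot: The new `trust_flags` argument of `NSSDatabase.trust_root_cert` goes to `certutil -M -t` unchanged and nothing documents what it may hold, although it decides what the root is trusted for. A docstring on the method would cover it, for example `"""Set trust on root_nickname; trust_flags is a certutil -t string 'SSL,S/MIME,code-signing', default 'CT,CT,'."""`, and it should say that the flags are ignored for nicknames starting with "Builtin". Only `None` selects the default, so an empty string is passed through to certutil as given; that deserves a line in the same docstring. The failure message could also name the flags that were attempted, `"Setting trust %s on %s failed" % (trust_flags, root_nickname)`.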
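Review bot: `CertDB.trust_root_cert` now forwards caller-chosen flags, but the unchanged `except RuntimeError: pass` under the new call still discards the failure, so a caller asking for narrower trust than the default cannot tell that the flags were never applied. Presumably the certificate then keeps whatever trust it already had in the database. Keeping the best-effort behaviour, the handler could at least record it: `except RuntimeError, e:` followed by `root_logger.error("Setting trust flags on %s failed: %s" % (root_nickname, e))`. The early return for `root_nickname is None` drops the request just as quietly, at debug level only. Whether the method ends at `pass` cannot be seen from the hunk.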