From d43ba5316a08249fa276cdc43338d85f784547f0 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Sun, 17 Jul 2011 12:55:54 -0400 Subject: Generate a database password by default in all cases. If the password passed in when creating a NSS certificate database is None then a random password is generated. If it is empty ('') then an empty password is set. Because of this the HTTP instance on replicas were created with an empty password. https://fedorahosted.org/freeipa/ticket/1407 --- ipaserver/install/certs.py | 2 +- ipaserver/install/httpinstance.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'ipaserver') diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py index 522d3f576..1bbcbabe6 100644 --- a/ipaserver/install/certs.py +++ b/ipaserver/install/certs.py @@ -914,7 +914,7 @@ class CertDB(object): self.export_ca_cert(self.cacert_name, True) self.create_pin_file() - def create_from_cacert(self, cacert_fname, passwd=""): + def create_from_cacert(self, cacert_fname, passwd=None): if ipautil.file_exists(self.certdb_fname): # We already have a cert db, see if it is for the same CA. # If it is we leave things as they are. diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 26fde51f9..d2eb27c96 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -177,7 +177,7 @@ class HTTPInstance(service.Service): db = certs.CertDB(self.realm, subject_base=self.subject_base) if self.pkcs12_info: - db.create_from_pkcs12(self.pkcs12_info[0], self.pkcs12_info[1], passwd="") + db.create_from_pkcs12(self.pkcs12_info[0], self.pkcs12_info[1], passwd=None) server_certs = db.find_server_certs() if len(server_certs) == 0: raise RuntimeError("Could not find a suitable server cert in import in %s" % self.pkcs12_info[0]) -- cgit