From f6f8307be282e96df4fa4f35e83f1ff17403cf86 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Wed, 6 Mar 2013 14:28:18 -0500
Subject: Don't base64-encode the CA cert when uploading it during an upgrade.

We want to store the raw value. Tools like ldapsearch will automatically
base64 encode the value because it's binary so we don't want to duplicate
that.

https://fedorahosted.org/freeipa/ticket/3477
---
 ipaserver/install/plugins/upload_cacrt.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'ipaserver')

diff --git a/ipaserver/install/plugins/upload_cacrt.py b/ipaserver/install/plugins/upload_cacrt.py
index d60247b7c..a82fc36bf 100644
--- a/ipaserver/install/plugins/upload_cacrt.py
+++ b/ipaserver/install/plugins/upload_cacrt.py
@@ -39,7 +39,6 @@ class update_upload_cacrt(PostUpdate):
         certdb = certs.CertDB(api.env.realm, nssdir=dirname, subject_base=subject_base)
 
         dercert = certdb.get_cert_from_db(certdb.cacert_name, pem=False)
-        cadercert = base64.b64encode(dercert)
 
         updates = {}
         dn = DN(('cn', 'CACert'), ('cn', 'ipa'), ('cn','etc'), api.env.basedn)
@@ -47,7 +46,7 @@ class update_upload_cacrt(PostUpdate):
         cacrt_entry = ['objectclass:nsContainer',
                        'objectclass:pkiCA',
                        'cn:CAcert',
-                       'cACertificate;binary:%s' % cadercert,
+                       'cACertificate;binary:%s' % dercert,
                       ]
         updates[dn] = {'dn': dn, 'default': cacrt_entry}
 
-- 
cgit