| author | Fraser Tweedale <ftweedal@redhat.com> | 2016-09-22 12:00:35 +1000 |
|---|---|---|
| committer | Fraser Tweedale <ftweedal@redhat.com> | 2016-09-23 13:34:40 +1000 |
| commit | 9043a08bef3723ca218ad7e5dd82be61166b5a1d (patch) | |
| tree | 1c57f438a0bb49279a17fa06a582a263b8b1f46c /base/java-tools/src | |
| parent | 3ea93c9b4bc03f3d79550d8bdfd1447ffa25238d (diff) | |

Compare serialised DNs in host authority check

CA startup creates an LWCA entry for the host authority if it
determines that one has not already been created. It determines if
an LWCA entry corresponds to the host CA by comparing the DN from
LDAP with the DN from the host authority's certificate.

If the DN from the host authority's certificate contains values
encoded as PrintableString, it will compare unequal to the DN from
LDAP, which parses to UTF8String AVA values. This causes the
addition of a spurious host authority entry every time the server
starts.

Serialise DNs before comparing, to avoid these false negatives.

Fixes: https://fedorahosted.org/pki/ticket/2475

Diffstat (limited to 'base/java-tools/src')
0 files changed, 0 insertions, 0 deletions
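
The false negative described in the commit message, as an added Python illustration (not code from this commit or from the project): a DN whose AVA values are PrintableString and the same DN with UTF8String values differ when the ASN.1 string type is part of the comparison, but match once both are serialised to a string. The DN values, the minimal DER helpers and all function names are constructed for this example.

```python
# Added illustration; not code from the commit or the project.
# Constructed sample DN: O=Example, CN=Host CA (hypothetical values).
PRINTABLE, UTF8 = 0x13, 0x0C  # ASN.1 universal tags for the two string types
OIDS = {"CN": bytes([0x55, 0x04, 0x03]), "O": bytes([0x55, 0x04, 0x0A])}
NAMES = {v: k for k, v in OIDS.items()}

def tlv(tag, body):
    assert len(body) < 128  # short-form DER lengths only, enough for the sample
    return bytes([tag, len(body)]) + body

def encode_dn(avas, string_tag):
    """DER Name: SEQUENCE of SET of SEQUENCE { OID, string }."""
    rdns = b"".join(
        tlv(0x31, tlv(0x30, tlv(0x06, OIDS[k]) + tlv(string_tag, v.encode())))
        for k, v in avas)
    return tlv(0x30, rdns)

def read_tlv(buf, pos):
    tag, length = buf[pos], buf[pos + 1]
    return tag, buf[pos + 2:pos + 2 + length], pos + 2 + length

def parse_dn(der):
    """Return [(attr, string_tag, value)], keeping the ASN.1 string type."""
    _, body, _ = read_tlv(der, 0)
    out, pos = [], 0
    while pos < len(body):
        _, rdn, pos = read_tlv(body, pos)
        _, ava, _ = read_tlv(rdn, 0)
        _, oid, nxt = read_tlv(ava, 0)
        tag, val, _ = read_tlv(ava, nxt)
        out.append((NAMES[oid], tag, val.decode()))
    return out

def serialise(parsed):
    """String form, which drops the string type (no escaping; sample only)."""
    return ",".join(f"{attr}={val}" for attr, _, val in parsed)

def typed_equal(a, b):
    return parse_dn(a) == parse_dn(b)

def serialised_equal(a, b):
    return serialise(parse_dn(a)) == serialise(parse_dn(b))

AVAS = [("O", "Example"), ("CN", "Host CA")]
cert_dn = encode_dn(AVAS, PRINTABLE)  # DN as encoded in the certificate
ldap_dn = encode_dn(AVAS, UTF8)       # DN as parsed from the LDAP string

if __name__ == "__main__":
    print(typed_equal(cert_dn, ldap_dn), serialised_equal(cert_dn, ldap_dn))
```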
