diff options
| author | Ade Lee <alee@redhat.com> | 2016-03-03 14:36:52 -0500 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2016-04-05 22:45:43 +0200 |
| commit | 72a71cf51e1486532e8dc4f646c51eda0479734d (patch) | |
| tree | d54867e9412d2378827eb3cc5ee1e453f10722db /base/server/python/pki/server/cli/ocsp.py | |
| parent | dcf005b9d03e53d19a8829b3e616ed304490b66d (diff) | |
| download | pki-72a71cf51e1486532e8dc4f646c51eda0479734d.tar.gz pki-72a71cf51e1486532e8dc4f646c51eda0479734d.tar.xz pki-72a71cf51e1486532e8dc4f646c51eda0479734d.zip | |
Fix pkcs12 export
The utility for exporting certs and keys to a PKCS12 file
did not handle the signing certificate correctly. This is
because the signing certificate was imported multiple times
during the export process - either with its key (and key id set)
or as part of the cert chain for the other system certs (with
no key set).
Each import would override the previous import - so whether
or not the key_id was set would depend on the order in which
the certificates were imported.
This becomes an issue for import into a clone certdb, because in
the new mechanism, we rely on the cert attributes (ie. key_id) to
determine if a key is to be imported or not.
We fix this by specifying whether the entry in the export should
be overwritten or not.
Diffstat (limited to 'base/server/python/pki/server/cli/ocsp.py')
0 files changed, 0 insertions, 0 deletions