author: Fraser Tweedale <ftweedal@redhat.com> 2016-08-24 14:40:46 +1000
committer: Ade Lee <alee@redhat.com> 2016-09-06 17:24:37 -0400
commit: 68d98b63e18c5c952e0cdf3193b0ce1a5c55d5c1
tree: 4c9239355b5a2bb60fbb028dd054cd5c08f620fb /base/server/python
parent: af8ff4a7c36614c1b41338f9e32a83462d4163be
Prevent deletion of host CA cert and key from NSSDB
If authorityMonitor observes the deletion of the host CA's authority entry, it will treat it the same as any other lightweight CA and delete the signing cert AND KEY from the NSSDB. Because the database is replicated, the change would be observed and deletion immediately effected on all running clones. Unless the main CA private key is backed up somewhere there is no way to recover from this.

Although this scenario does not arise in normal operation, the impact is severe so add a check that prevents cert and key deletion for host authority.

Fixes: https://fedorahosted.org/pki/ticket/2443
Diffstat (limited to 'base/server/python')
0 files changed, 0 insertions, 0 deletions