pki.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Fraser Tweedale <ftweedal@redhat.com>	2016-08-24 14:10:55 +1000
committer	Ade Lee <alee@redhat.com>	2016-09-06 17:25:07 -0400
commit	e457cb8367f39562a844229ddb9da9c3a46d9611 (patch)
tree	422d412aeb13f3d8127c417ee2bc7cb08a55401f /base/server/python
parent	d1aa1ec049d7cb5beed9ba79b09930a90a3c51fe (diff)
download	pki-e457cb8367f39562a844229ddb9da9c3a46d9611.tar.gz pki-e457cb8367f39562a844229ddb9da9c3a46d9611.tar.xz pki-e457cb8367f39562a844229ddb9da9c3a46d9611.zip

Perform host authority check before entryUSN check

When processing lightweight CAs, currently we perform the entryUSN check before the host authority check. If the entry does not have an entryUSN attribute, and if the DS USN plugin is not enabled, the entry gets skipped and we do not reach the host authority check. This causes the CA to believe that it has not seen the host authority entry, and results in additional entries being added. Move the host authority check before the entryUSN check to avoid this scenario. Fixes: https://fedorahosted.org/pki/ticket/2444

Diffstat (limited to 'base/server/python')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: