diff options
author | Endi S. Dewata <edewata@redhat.com> | 2017-06-03 03:52:09 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2017-06-03 04:04:48 +0200 |
commit | 64b7b7abfed29b6a520be66414139364d713461e (patch) | |
tree | fddbb40328d3df21b0ff398cb54622c2e158a87c /base | |
parent | 3ef47867df74eb9dce408b88756ccce7d7438da5 (diff) | |
download | pki-64b7b7abfed29b6a520be66414139364d713461e.tar.gz pki-64b7b7abfed29b6a520be66414139364d713461e.tar.xz pki-64b7b7abfed29b6a520be66414139364d713461e.zip |
Fixed default CA cert trust flags in pki CLI.
The pki CLI has been modified to use CT,C,C as the default trust
flags for CA certificate import operations.
https://pagure.io/dogtagpki/issue/2726
Change-Id: I68c5a0303459319cc746a77703d0a420f4f68377
Diffstat (limited to 'base')
3 files changed, 4 insertions, 3 deletions
diff --git a/base/common/python/pki/cli/pkcs12.py b/base/common/python/pki/cli/pkcs12.py index 6b99fcfbd..2f8aabfa1 100644 --- a/base/common/python/pki/cli/pkcs12.py +++ b/base/common/python/pki/cli/pkcs12.py @@ -237,7 +237,7 @@ class PKCS12ImportCLI(pki.cli.CLI): trust_flags = cert_info['trust_flags'] else: # default trust flags for CA certificates - trust_flags = 'CT,c,c' + trust_flags = 'CT,C,C' if main_cli.verbose: print('Exporting %s (%s) from PKCS #12 file' % (nickname, cert_id)) diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientCertImportCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientCertImportCLI.java index 1c67f9985..844453e75 100644 --- a/base/java-tools/src/com/netscape/cmstools/client/ClientCertImportCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/client/ClientCertImportCLI.java @@ -164,7 +164,7 @@ public class ClientCertImportCLI extends CLI { if (verbose) System.out.println("Importing CA certificate from " + caCertPath + "."); if (trustAttributes == null) - trustAttributes = "CT,c,"; + trustAttributes = "CT,C,C"; importCert( mainCLI.certDatabase, @@ -227,7 +227,7 @@ public class ClientCertImportCLI extends CLI { } if (trustAttributes == null) - trustAttributes = "CT,c,"; + trustAttributes = "CT,C,C"; importCert( mainCLI.certDatabase, diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java index c9a375f24..ebade36bc 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java +++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java @@ -1113,6 +1113,7 @@ public class ConfigurationUtils { | InternalCertificate.VALID_CA); } else if (isAuditSigningCert(name)) { + // set trust flags to u,u,Pu icert.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER); |