Fixed default CA cert trust flags in pki CLI.

The pki CLI has been modified to use CT,C,C as the default trust flags for CA certificate import operations. https://pagure.io/dogtagpki/issue/2726 Change-Id: I68c5a0303459319cc746a77703d0a420f4f68377
author: Endi S. Dewata <edewata@redhat.com> 2017-06-03 03:52:09 +0200
committer: Endi S. Dewata <edewata@redhat.com> 2017-06-03 04:04:48 +0200
commit: 64b7b7abfed29b6a520be66414139364d713461e (patch)
tree: fddbb40328d3df21b0ff398cb54622c2e158a87c /base
parent: 3ef47867df74eb9dce408b88756ccce7d7438da5 (diff)
download: pki-64b7b7abfed29b6a520be66414139364d713461e.tar.gz
pki-64b7b7abfed29b6a520be66414139364d713461e.tar.xz
pki-64b7b7abfed29b6a520be66414139364d713461e.zip
3 files changed, 4 insertions, 3 deletions
diff --git a/base/common/python/pki/cli/pkcs12.py b/base/common/python/pki/cli/pkcs12.py
index 6b99fcfbd..2f8aabfa1 100644
--- a/base/common/python/pki/cli/pkcs12.py
+++ b/base/common/python/pki/cli/pkcs12.py
@@ -237,7 +237,7 @@ class PKCS12ImportCLI(pki.cli.CLI):
                         trust_flags = cert_info['trust_flags']
                     else:
                         # default trust flags for CA certificates
-                        trust_flags = 'CT,c,c'
+                        trust_flags = 'CT,C,C'
 
                     if main_cli.verbose:
                         print('Exporting %s (%s) from PKCS #12 file' % (nickname, cert_id))
diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientCertImportCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientCertImportCLI.java
index 1c67f9985..844453e75 100644
--- a/base/java-tools/src/com/netscape/cmstools/client/ClientCertImportCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/client/ClientCertImportCLI.java
@@ -164,7 +164,7 @@ public class ClientCertImportCLI extends CLI {
             if (verbose) System.out.println("Importing CA certificate from " + caCertPath + ".");
 
             if (trustAttributes == null)
-                trustAttributes = "CT,c,";
+                trustAttributes = "CT,C,C";
 
             importCert(
                     mainCLI.certDatabase,
@@ -227,7 +227,7 @@ public class ClientCertImportCLI extends CLI {
             }
 
             if (trustAttributes == null)
-                trustAttributes = "CT,c,";
+                trustAttributes = "CT,C,C";
 
             importCert(
                     mainCLI.certDatabase,
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index c9a375f24..ebade36bc 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -1113,6 +1113,7 @@ public class ConfigurationUtils {
                             | InternalCertificate.VALID_CA);
 
                 } else if (isAuditSigningCert(name)) {
+                    // set trust flags to u,u,Pu
                     icert.setObjectSigningTrust(InternalCertificate.USER
                             | InternalCertificate.VALID_PEER
                             | InternalCertificate.TRUSTED_PEER);
author	Endi S. Dewata <edewata@redhat.com>	2017-06-03 03:52:09 +0200
committer	Endi S. Dewata <edewata@redhat.com>	2017-06-03 04:04:48 +0200
commit	64b7b7abfed29b6a520be66414139364d713461e (patch)
tree	fddbb40328d3df21b0ff398cb54622c2e158a87c /base
parent	3ef47867df74eb9dce408b88756ccce7d7438da5 (diff)
download	pki-64b7b7abfed29b6a520be66414139364d713461e.tar.gz pki-64b7b7abfed29b6a520be66414139364d713461e.tar.xz pki-64b7b7abfed29b6a520be66414139364d713461e.zip