diff options
author | jmagne <jmagne@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-12-15 22:21:26 +0000 |
---|---|---|
committer | jmagne <jmagne@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-12-15 22:21:26 +0000 |
commit | 717ddc7782211ce853d7b2d48859041e2b59559a (patch) | |
tree | 387a38db54b44e2da6267cd7f0e766e1d81542fe /pki/base/common | |
parent | b5a7e18271854491bacb02921c84806d87c399d2 (diff) | |
download | pki-717ddc7782211ce853d7b2d48859041e2b59559a.tar.gz pki-717ddc7782211ce853d7b2d48859041e2b59559a.tar.xz pki-717ddc7782211ce853d7b2d48859041e2b59559a.zip |
Fix Bugzilla Bug 661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1639 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java | 4 | ||||
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java | 1 |
2 files changed, 3 insertions, 2 deletions
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java index 01fd7eb0b..a94536e86 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java @@ -84,7 +84,7 @@ public class KeyConstraint extends EnrollConstraint { public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_KEY_TYPE)) { - return new Descriptor(IDescriptor.CHOICE, "RSA,EC", + return new Descriptor(IDescriptor.CHOICE, "-,RSA,EC", "RSA", CMS.getUserMessage(locale, "CMS_PROFILE_KEY_TYPE")); } else if (name.equals(CONFIG_KEY_PARAMETERS)) { @@ -144,7 +144,7 @@ public class KeyConstraint extends EnrollConstraint { if (alg.equals("EC")) { //For now only check for legal EC key type. //We don't have the required EC key class to evaluate curve names. - if (!alg.equals(keyType)) { + if (!alg.equals(keyType) && !isOptional(keyType)) { throw new ERejectException( CMS.getUserMessage( getLocale(request), diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java index 43fa3e0d8..dc8adaf97 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java @@ -58,6 +58,7 @@ public class CertUtil { throws IOException { HttpClient httpclient = new HttpClient(); String c = null; + CMS.debug("CertUtil createRemoteCert: content " + content); try { JssSSLSocketFactory factory = new JssSSLSocketFactory(); |