diff options
author | Endi S. Dewata <edewata@redhat.com> | 2016-08-01 22:35:32 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2016-08-05 22:23:50 +0200 |
commit | b7d4f6e9efd8b2e7d26a001f6c18a10b82df6b56 (patch) | |
tree | fd80f34ed91ffb38b9eedd3a0d65ec7d101e1468 /specs/pki-core.spec | |
parent | da66600e8ae07fa4169d24909c7d04ed69d2906c (diff) | |
download | pki-b7d4f6e9efd8b2e7d26a001f6c18a10b82df6b56.tar.gz pki-b7d4f6e9efd8b2e7d26a001f6c18a10b82df6b56.tar.xz pki-b7d4f6e9efd8b2e7d26a001f6c18a10b82df6b56.zip |
Fixed PKCS #12 import for cloning.
To fix cloning issue in IPA the security_database.py has been
modified to import all certificates and keys in the PKCS #12 file
before the PKI server is started. Since the PKCS #12 generated by
IPA may not contain the certificate trust flags, the script will
also reset the trust flags on the imported certificates (i.e.
CT,C,C for CA certificate and u,u,Pu for audit certificate).
The ConfigurationUtils.restoreCertsFromP12() is now redundant and
it should be removed in the future, but for now it has been
modified to set the same trust flags on imported certificates.
The CryptoUtil.importCertificateChain() has also been modified to
set the same trust flags on imported certificates.
https://fedorahosted.org/pki/ticket/2424
Diffstat (limited to 'specs/pki-core.spec')
0 files changed, 0 insertions, 0 deletions