From d43f4dab6773ea7d91e71193969b26df4efaaffc Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Wed, 6 Apr 2016 19:22:48 +0200
Subject: Fixed pki pkcs12-import backward compatibility.

For backward compatibility the pki pkcs12-import has been modified
to generate default nicknames and trust flags for CA certificates
if they are not specified in the PKCS #12 file. The PKCS12Util was
also modified to find the certificate corresponding to a key more
accurately using the local ID instead of the subject DN.

The configuration servlet has been modified to provide better
debugging information when updating the security domain.

https://fedorahosted.org/pki/ticket/2255
---
 base/common/python/pki/cli/pkcs12.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'base/common/python')

diff --git a/base/common/python/pki/cli/pkcs12.py b/base/common/python/pki/cli/pkcs12.py
index dc999a120..a7c32cc2b 100644
--- a/base/common/python/pki/cli/pkcs12.py
+++ b/base/common/python/pki/cli/pkcs12.py
@@ -220,7 +220,12 @@ class PKCS12ImportCLI(pki.cli.CLI):
 
                     cert_id = cert_info['id']
                     nickname = cert_info['nickname']
-                    trust_flags = cert_info['trust_flags']
+
+                    if 'trust_flags' in cert_info:
+                        trust_flags = cert_info['trust_flags']
+                    else:
+                        # default trust flags for CA certificates
+                        trust_flags = 'CT,c,c'
 
                     if main_cli.verbose:
                         print('Exporting %s (%s) from PKCS #12 file' % (nickname, cert_id))
-- 
cgit