author Rob Crittenden <rcritten@redhat.com> 2017-09-06 16:23:03 -0400
committer Rob Crittenden <rcritten@redhat.com> 2017-12-04 10:29:19 -0500
commit 17bda0b1a532ff2ac8503187e2d6e648f63d427f
tree 6fe1881da3d8895f72dbaa452e3ba3e066381b2b /ipalib
parent 1ec3d54d555d6d33bc03a01963efd4314e182242
Use the CA chain file from the RPC context
The value can be passed in the create_connection() call but wasn't used outside that call. It already defaults to api.env.tls_ca_cert so the context.ca_certfile should be used instead so the caller can override the cert chain on a per-connection basis.

This may be handy in the future when there is IPA-to-IPA trust, or for IPA-to-IPA migration.

https://pagure.io/freeipa/issue/7145

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Diffstat (limited to 'ipalib')
-rw-r--r-- ipalib/rpc.py 2
1 files changed, 1 insertions, 1 deletions
diff --git a/ipalib/rpc.py b/ipalib/rpc.py
index de3dd9d16..4b5de90d2 100644
--- a/ipalib/rpc.py
+++ b/ipalib/rpc.py
@@ -561,7 +561,7 @@ class SSLTransport(LanguageAwareTransport):
conn = create_https_connection(
host, 443,
- api.env.tls_ca_cert,
+ getattr(context, 'ca_certfile', None),
tls_version_min=api.env.tls_version_min,
tls_version_max=api.env.tls_version_max)
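Review bot: The new argument `getattr(context, 'ca_certfile', None)` silently degrades to None when the attribute has not been set on the context, whereas the removed line always passed a concrete path from `api.env.tls_ca_cert`. The commit message says the value defaults to `api.env.tls_ca_cert`, but that default is applied elsewhere and is not visible in this hunk, so any path that reaches this call without going through create_connection() would hand None to create_https_connection() as the CA file. How that function treats None is also not shown here; if it skips loading a chain or falls back to system trust, the trust anchor for the RPC channel changes without any error. Consider keeping an explicit fallback, for example `getattr(context, 'ca_certfile', None) or api.env.tls_ca_cert`, or raising when the attribute is missing so the connection fails closed. A short comment at the call site saying where context.ca_certfile is populated would also help the next reader.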