p11-kit: add serial number in DER format

This causes Firefox to report our CA certificate as not-trustworthy.
We were previously doing this correctly, however it slipped as an
error due to certificate refactoring.

https://pagure.io/freeipa/issue/7210

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

1 files changed, 7 insertions, 0 deletions

diff --git a/ipalib/x509.py b/ipalib/x509.py
index 9f7a3c311..205e2f82d 100644
--- a/ipalib/x509.py
+++ b/ipalib/x509.py
@@ -123,18 +123,21 @@ class IPACertificate(object):
         # some field types encode-decoding is not strongly defined
         self._subject = self.__get_der_field('subject')
         self._issuer = self.__get_der_field('issuer')
+        self._serial_number = self.__get_der_field('serialNumber')
 
     def __getstate__(self):
         state = {
             '_cert': self.public_bytes(Encoding.DER),
             '_subject': self.subject_bytes,
             '_issuer': self.issuer_bytes,
+            '_serial_number': self._serial_number,
         }
         return state
 
     def __setstate__(self, state):
         self._subject = state['_subject']
         self._issuer = state['_issuer']
+        self._issuer = state['_serial_number']
         self._cert = crypto_x509.load_der_x509_certificate(
             state['_cert'], backend=default_backend())
 
@@ -216,6 +219,10 @@ class IPACertificate(object):
         return self._cert.serial_number
 
     @property
+    def serial_number_bytes(self):
+        return self._serial_number
+
+    @property
     def version(self):
         return self._cert.version