diff options
Diffstat (limited to 'ipaserver/install/certs.py')
-rw-r--r-- | ipaserver/install/certs.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py index 82d8290a8..55feb6596 100644 --- a/ipaserver/install/certs.py +++ b/ipaserver/install/certs.py @@ -490,6 +490,10 @@ class NSSDatabase(object): try: certdb = nss.get_default_certdb() cert = nss.find_cert_from_nickname(nickname) + if not cert.subject: + raise ValueError("has empty subject") + if not cert.is_ca_cert(): + raise ValueError("not a CA certificate") intended_usage = nss.certificateUsageSSLCA try: approved_usage = cert.verify_now(certdb, True, intended_usage) |