summaryrefslogtreecommitdiffstats
path: root/ipaserver/install/certs.py
diff options
context:
space:
mode:
Diffstat (limited to 'ipaserver/install/certs.py')
-rw-r--r--ipaserver/install/certs.py4
1 files changed, 4 insertions, 0 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 82d8290a8..55feb6596 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -490,6 +490,10 @@ class NSSDatabase(object):
try:
certdb = nss.get_default_certdb()
cert = nss.find_cert_from_nickname(nickname)
+ if not cert.subject:
+ raise ValueError("has empty subject")
+ if not cert.is_ca_cert():
+ raise ValueError("not a CA certificate")
intended_usage = nss.certificateUsageSSLCA
try:
approved_usage = cert.verify_now(certdb, True, intended_usage)
generated by cgit (git 2.34.1) at 2024-06-10 20:26:53 +0000