diff options
| author | Jan Cholasta <jcholast@redhat.com> | 2013-09-25 08:33:35 +0000 |
|---|---|---|
| committer | Petr Viktorin <pviktori@redhat.com> | 2013-10-04 10:27:23 +0200 |
| commit | c123264ac77cd533a08978909f837c8f4d3e224e (patch) | |
| tree | 965318ce39f7dcec2ff871b0fed07b810f2145d2 /ipaserver/install/installutils.py | |
| parent | 46b358811210ecb83e5ea092d0d0554c923b9823 (diff) | |
| download | freeipa.git-c123264ac77cd533a08978909f837c8f4d3e224e.tar.gz freeipa.git-c123264ac77cd533a08978909f837c8f4d3e224e.tar.xz freeipa.git-c123264ac77cd533a08978909f837c8f4d3e224e.zip | |
Read passwords from stdin when importing PKCS#12 files with pk12util.
This works around pk12util refusing to use empty password files, which prevents
the use of PKCS#12 files with empty password.
https://fedorahosted.org/freeipa/ticket/3897
Diffstat (limited to 'ipaserver/install/installutils.py')
| -rw-r--r-- | ipaserver/install/installutils.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py index 67c3fa9b..67eabc25 100644 --- a/ipaserver/install/installutils.py +++ b/ipaserver/install/installutils.py @@ -720,7 +720,7 @@ def check_pkcs12(pkcs12_info, ca_file, hostname): Return a (server cert name, CA cert names) tuple """ - pkcs12_filename, pin_filename = pkcs12_info + pkcs12_filename, pkcs12_passwd = pkcs12_info root_logger.debug('Checking PKCS#12 certificate %s', pkcs12_filename) db_pwd_file = ipautil.write_tmp_file(ipautil.ipa_generate_password()) with certs.NSSDatabase() as nssdb: @@ -735,7 +735,7 @@ def check_pkcs12(pkcs12_info, ca_file, hostname): raise ScriptError(str(e)) # Import everything in the PKCS#12 - nssdb.import_pkcs12(pkcs12_filename, db_pwd_file.name, pin_filename) + nssdb.import_pkcs12(pkcs12_filename, db_pwd_file.name, pkcs12_passwd) # Check we have exactly one server cert (one with a private key) server_certs = nssdb.find_server_certs() |