diff options
author | Fraser Tweedale <ftweedal@redhat.com> | 2016-06-27 16:26:24 +1000 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-06-27 13:11:57 +0200 |
commit | 47d33f36507d7af16daff5b9f7e4b4acfc6d963b (patch) | |
tree | 8603de59ce5c19d37b7ca451c57a2b21a063d2bf | |
parent | 9392b212719032a694ff47ae8802b46f9f58e718 (diff) | |
download | freeipa-47d33f36507d7af16daff5b9f7e4b4acfc6d963b.tar.gz freeipa-47d33f36507d7af16daff5b9f7e4b4acfc6d963b.tar.xz freeipa-47d33f36507d7af16daff5b9f7e4b4acfc6d963b.zip |
Fix IssuerDN presence check in cert search result
When checking for presence of IssuerDN in certificate search result,
we mistakenly check for the presence of the SubjectDN field, then
unsafely index into the IssuerDN field. Check the presence of
IssuerDN correctly.
Part of: https://fedorahosted.org/freeipa/ticket/4559
Reviewed-By: Martin Basti <mbasti@redhat.com>
-rw-r--r-- | ipaserver/plugins/dogtag.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py index 919ecfeac..aef1e888e 100644 --- a/ipaserver/plugins/dogtag.py +++ b/ipaserver/plugins/dogtag.py @@ -1903,7 +1903,7 @@ class ra(rabase.rabase): response_request['subject'] = unicode(dn[0].text) issuer_dn = cert.xpath('IssuerDN') - if len(dn) == 1: + if len(issuer_dn) == 1: response_request['issuer'] = unicode(issuer_dn[0].text) status = cert.xpath('Status') |