diff options
author | Jan Cholasta <jcholast@redhat.com> | 2013-09-25 08:33:35 +0000 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2013-10-04 10:27:23 +0200 |
commit | c123264ac77cd533a08978909f837c8f4d3e224e (patch) | |
tree | 965318ce39f7dcec2ff871b0fed07b810f2145d2 /ipaserver/install/ipa_server_certinstall.py | |
parent | 46b358811210ecb83e5ea092d0d0554c923b9823 (diff) | |
download | freeipa-c123264ac77cd533a08978909f837c8f4d3e224e.tar.gz freeipa-c123264ac77cd533a08978909f837c8f4d3e224e.tar.xz freeipa-c123264ac77cd533a08978909f837c8f4d3e224e.zip |
Read passwords from stdin when importing PKCS#12 files with pk12util.
This works around pk12util refusing to use empty password files, which prevents
the use of PKCS#12 files with empty password.
https://fedorahosted.org/freeipa/ticket/3897
Diffstat (limited to 'ipaserver/install/ipa_server_certinstall.py')
-rw-r--r-- | ipaserver/install/ipa_server_certinstall.py | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/ipaserver/install/ipa_server_certinstall.py b/ipaserver/install/ipa_server_certinstall.py index a9563e095..1aa27b2e6 100644 --- a/ipaserver/install/ipa_server_certinstall.py +++ b/ipaserver/install/ipa_server_certinstall.py @@ -155,9 +155,8 @@ class ServerCertInstall(admintool.AdminTool): os.chown(os.path.join(dirname, 'secmod.db'), 0, pent.pw_gid) def import_cert(self, dirname, pkcs12_passwd, old_cert, principal, command): - pw = write_tmp_file(pkcs12_passwd) server_cert = installutils.check_pkcs12( - pkcs12_info=(self.pkcs12_fname, pw.name), + pkcs12_info=(self.pkcs12_fname, pkcs12_passwd), ca_file=CACERT, hostname=api.env.host) @@ -167,7 +166,7 @@ class ServerCertInstall(admintool.AdminTool): cdb.untrack_server_cert(old_cert) cdb.delete_cert(old_cert) - cdb.import_pkcs12(self.pkcs12_fname, pw.name) + cdb.import_pkcs12(self.pkcs12_fname, pkcs12_passwd) if api.env.enable_ra: cdb.track_server_cert(server_cert, principal, cdb.passwd_fname, |