| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Multiple issues fixed:
- when untracking a certificate, the path to the NSS directory must be
exactly identical (no trailing /), otherwise the request is not found
and the old certificate is still tracked.
- when a cert is issued by a 3rd party CA, no need to track it
- the server_cert should not be found using cdb.find_server_certs()[0][0]
because this function can return multiple server certificates. For
instance, /etc/httpd/alias contains ipaCert, Server-Cert and Signing-Cert
with the trust flags u,u,u. This leads to trying to track ipaCert (which is
already tracked).
The workaround is looking for server certs before and after the import,
and extract server-cert as the certificate in the second list but not in the
first list.
https://fedorahosted.org/freeipa/ticket/4785
https://fedorahosted.org/freeipa/ticket/4786
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
|
|
|
|
|
|
|
| |
This patch removes unused imports, alse pylint has been configured to
check unused imports.
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5343
Reviewed-By: Tomas Babej <tbabej@redhat.com>
|
|
|
|
|
|
|
| |
The 'as' syntax works from Python 2 on, and Python 3 will
drop the "comma" syntax.
Reviewed-By: Tomas Babej <tbabej@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use Python-3 compatible syntax, without breaking compatibility with py 2.7
- Octals literals start with 0o to prevent confusion
- The "L" at the end of large int literals is not required as they use
long on Python 2 automatically.
- Using 'int' instead of 'long' for small numbers is OK in all cases except
strict type checking checking, e.g. type(0).
https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3090
https://fedorahosted.org/freeipa/ticket/5073
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
|
|
|
|
|
|
|
|
| |
To avoid cyclic imports realm_to_serverid function had to be moved to
installutils from dsinstance.
Required for: https://fedorahosted.org/freeipa/ticket/4925
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
|
|
|
|
|
|
|
| |
The check is done using a new hidden command ca_is_enabled.
https://fedorahosted.org/freeipa/ticket/4621
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Added new --*-cert-name options to ipa-server-install and ipa-replica-prepare
and --cert-name option to ipa-server-certinstall. The options allows choosing
a particular certificate and private key from PKCS#12 files by its friendly
name.
https://fedorahosted.org/freeipa/ticket/4489
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The --*_pkcs12 options of ipa-server-install and ipa-replica-prepare have
been replaced by --*-cert-file options which accept multiple files.
ipa-server-certinstall now accepts multiple files as well. The files are
accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and
raw private key and PKCS#12 formats.
The --root-ca-file option of ipa-server-install has been replaced by
--ca-cert-file option which accepts multiple files. The files are
accepted in PEM and DER certificate and PKCS#7 certificate chain formats.
The --*_pin options of ipa-server-install and ipa-replica-prepare have been
renamed to --*-pin.
https://fedorahosted.org/freeipa/ticket/4489
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The CA cert specified by --root-ca-file option must always be the CA cert of
the CA which issued the server certificates in the PKCS#12 files. As the cert
is not actually user selectable, use CA cert from the PKCS#12 files by default
if it is present.
Document --root-ca-file in ipa-server-install man page.
https://fedorahosted.org/freeipa/ticket/4457
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4052
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
| |
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Part of the effort to port FreeIPA to Arch Linux,
where Python 3 is the default.
FreeIPA hasn't been ported to Python 3, so the code must be modified to
run /usr/bin/python2
https://fedorahosted.org/freeipa/ticket/3438
Updated by pviktori@redhat.com
|
|
|
|
|
|
| |
This change makes single_value consistent with the raw property.
https://fedorahosted.org/freeipa/ticket/3521
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3897
|
|
|
|
|
|
|
| |
This works around pk12util refusing to use empty password files, which prevents
the use of PKCS#12 files with empty password.
https://fedorahosted.org/freeipa/ticket/3897
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3869
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3869
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3641
|
|
|
|
|
|
| |
Hide the unnecessary --dirsrv_pin and --http_pin options.
https://fedorahosted.org/freeipa/ticket/3869
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3641
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3641
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3641
|
|
Change the log file path from /var/log/ipa/default.log to admintool's default
path.
https://fedorahosted.org/freeipa/ticket/3641
|