diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2009-12-18 11:01:00 -0500 |
|---|---|---|
| committer | Jason Gerard DeRose <jderose@redhat.com> | 2010-01-08 13:36:16 -0700 |
| commit | b8016807ebb95b97f0a4631574be484371f4dcd0 (patch) | |
| tree | 8d1a2fbd28d53e5911a3158e316d9d6ac32c03e4 | |
| parent | 864490ff41c306b7388dd08ab5091df2f8310a55 (diff) | |
Use the caIPAserviceCert profile for issuing service certs.
This profile enables subject validation and ensures that the subject
that the CA issues is uniform. The client can only request a specific
CN, the rest of the subject is fixed.
This is the first step of allowing the subject to be set at
installation time.
Also fix 2 more issues related to the return results migration.
| -rw-r--r-- | ipalib/plugins/cert.py | 4 | ||||
| -rw-r--r-- | ipaserver/plugins/dogtag.py | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/ipalib/plugins/cert.py b/ipalib/plugins/cert.py index a7cd4155f..a22d0753e 100644 --- a/ipalib/plugins/cert.py +++ b/ipalib/plugins/cert.py @@ -179,7 +179,7 @@ class cert_request(VirtualCommand): # going to add it try: if not principal.startswith('host/'): - service = api.Command['service_show'](principal, all=True, raw=True) + service = api.Command['service_show'](principal, all=True, raw=True)['result'] dn = service['dn'] else: realm = principal.find('@') @@ -196,7 +196,7 @@ class cert_request(VirtualCommand): if not add: raise errors.NotFound(reason="The service principal for this request doesn't exist.") try: - service = api.Command['service_add'](principal, **{}) + service = api.Command['service_add'](principal, **{})['result'] dn = service['dn'] except errors.ACIError: raise errors.ACIError(info='You need to be a member of the serviceadmin role to add services') diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py index 710a50a3d..9b799d45d 100644 --- a/ipaserver/plugins/dogtag.py +++ b/ipaserver/plugins/dogtag.py @@ -1511,7 +1511,7 @@ class ra(rabase.rabase): http_status, http_reason_phrase, http_headers, http_body = \ self._sslget('/ca/ee/ca/profileSubmit', self.env.ca_ee_port, - profileId='caRAserverCert', + profileId='caIPAserviceCert', cert_request_type=request_type, cert_request=csr, xml='true') |