diff options
| author | Jan Cholasta <jcholast@redhat.com> | 2017-03-10 09:22:42 +0000 |
|---|---|---|
| committer | David Kupka <dkupka@redhat.com> | 2017-03-14 12:58:45 +0100 |
| commit | 8ed891cb619abd2efd428f767edf760ebf5eec5d (patch) | |
| tree | 4e15ed642fa731001cdf2d17bc0ff95245596855 /ipaclient | |
| parent | c60d9c9744b1f8a7b55bcdda65cce8bb36700bf6 (diff) | |
| download | freeipa-8ed891cb619abd2efd428f767edf760ebf5eec5d.tar.gz freeipa-8ed891cb619abd2efd428f767edf760ebf5eec5d.tar.xz freeipa-8ed891cb619abd2efd428f767edf760ebf5eec5d.zip | |
cert: include certificate chain in cert command output
Include the full certificate chain in the output of cert-request, cert-show
and cert-find if --chain or --all is specified.
If output file is specified in the CLI together with --chain, the full
certificate chain is written to the file.
https://pagure.io/freeipa/issue/6547
Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'ipaclient')
| -rw-r--r-- | ipaclient/plugins/cert.py | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/ipaclient/plugins/cert.py b/ipaclient/plugins/cert.py index 62171e92f..9ec6970b1 100644 --- a/ipaclient/plugins/cert.py +++ b/ipaclient/plugins/cert.py @@ -57,7 +57,10 @@ class CertRetrieveOverride(MethodOverride): result = super(CertRetrieveOverride, self).forward(*args, **options) if certificate_out is not None: - certs = [result['result']['certificate']] + if options.get('chain', False): + certs = result['result']['certificate_chain'] + else: + certs = [result['result']['certificate']] certs = (x509.normalize_certificate(cert) for cert in certs) certs = (x509.make_pem(base64.b64encode(cert)) for cert in certs) with open(certificate_out, 'w') as f: |