diff options
| author | Stanislav Laznicka <slaznick@redhat.com> | 2017-01-27 08:58:00 +0100 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2017-03-01 09:43:41 +0000 |
| commit | 595f9b64e31dc9e4f035119e834db7e6cb152dce (patch) | |
| tree | f643e390ab2fd297588ecd62eb1bef75177ecef3 /ipalib/install | |
| parent | 76e8d7b35d110e5cf5494898950ab3607799c031 (diff) | |
| download | freeipa-595f9b64e31dc9e4f035119e834db7e6cb152dce.tar.gz freeipa-595f9b64e31dc9e4f035119e834db7e6cb152dce.tar.xz freeipa-595f9b64e31dc9e4f035119e834db7e6cb152dce.zip | |
Workaround for certmonger's "Subject" representations
If an OpenSSL certificate is requested in Certmonger
(CERT_STORAGE == "FILE") the "Subject" field of such Certificate
is ordered as received. However, when an NSS certificate is
requested, the "Subject" field takes the LDAP order
(components get reversed). This is a workaround so that the behavior
stays the same.
The workaround should be removed when
https://pagure.io/certmonger/issue/62 gets fixed.
https://fedorahosted.org/freeipa/ticket/5695
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipalib/install')
| -rw-r--r-- | ipalib/install/certmonger.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/ipalib/install/certmonger.py b/ipalib/install/certmonger.py index 951ca9ab8..812fa0455 100644 --- a/ipalib/install/certmonger.py +++ b/ipalib/install/certmonger.py @@ -32,6 +32,7 @@ import subprocess import tempfile from ipalib import api from ipapython.ipa_log_manager import root_logger +from ipapython.dn import DN from ipaplatform.paths import paths from ipaplatform import services @@ -329,6 +330,10 @@ def request_cert( """ if storage == 'FILE': certfile, keyfile = certpath + # This is a workaround for certmonger having different Subject + # representation with NSS and OpenSSL + # https://pagure.io/certmonger/issue/62 + subject = str(DN(*reversed(DN(subject)))) else: certfile = certpath keyfile = certpath |