author | Martin Kosek <mkosek@redhat.com> | 2011-07-27 11:02:00 +0200 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-07-27 20:56:16 -0400 |
commit | 18aa73e06e30939b6b8d0a2c6def41fb6bd4eef8 (patch) | |
tree | 4c91ca036611daf98218e8f93c867493dcdc6c69 /ipalib/x509.py | |
parent | 1b09ca53a211316e4e6541bafad68df594b8f2b3 (diff) | |
Fix invalid issuer in unit tests
Fix several test failures when issuer does not match the one
generated by make-testcert (CN=Certificate Authority,O=<realm>).
https://fedorahosted.org/freeipa/ticket/1527
Diffstat (limited to 'ipalib/x509.py')
-rw-r--r-- | ipalib/x509.py | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/ipalib/x509.py b/ipalib/x509.py index e757e1d1f..23f337edc 100644 --- a/ipalib/x509.py +++ b/ipalib/x509.py @@ -45,6 +45,10 @@ from ipalib import errors PEM = 0 DER = 1 +def valid_issuer(issuer, realm): + return issuer in ('CN=%s Certificate Authority' % realm, + 'CN=Certificate Authority,O=%s' % realm,) + def strip_header(pem): """ Remove the header and footer from a certificate. @@ -187,8 +191,7 @@ def verify_cert_subject(ldap, hostname, dercert): issuer = str(nsscert.issuer) # Handle both supported forms of issuer, from selfsign and dogtag. - if ((issuer != 'CN=%s Certificate Authority' % api.env.realm) and - (issuer != 'CN=Certificate Authority,O=%s' % api.env.realm)): + if (not valid_issuer(issuer, api.env.realm)): raise errors.CertificateOperationError(error=_('Issuer "%(issuer)s" does not match the expected issuer') % \ {'issuer' : issuer}) |
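Review bot: `valid_issuer`, added in the first hunk, has no docstring, and its name promises more than the code does. It only compares the issuer's string form against two fixed DN templates built from the realm, and an issuer name alone is not authenticated. The docstring should say this is a name comparison only and that callers still need signature/chain validation against the IPA CA before trusting the certificate; whether `verify_cert_subject` does that elsewhere is not visible in this diff. The exact-string match also depends on how the issuer DN is rendered (RDN order, spacing, case), so a comment such as `# compares the str() form of the issuer name; formatting-sensitive` would help the test callers this commit targets.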
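Review bot: The rewritten condition in `verify_cert_subject` (second hunk) keeps outer parentheses that Python does not need; `if not valid_issuer(issuer, api.env.realm):` reads more cleanly. The comment above it about handling both supported issuer forms now describes logic that lives in `valid_issuer`, so it belongs in that function's documentation rather than at the call site. `verify_cert_subject` starts and ends outside the hunk.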