freeipa.git - FreeIPA patches

diff options

author	Florence Blanc-Renaud <flo@redhat.com>	2016-09-01 13:56:24 +0200
committer	Jan Cholasta <jcholast@redhat.com>	2016-09-19 07:58:44 +0200
commit	0c4a91348a57ee941db94b31f59952eb1fcd4565 (patch)
tree	eb641a7d61a35bcf6a29a1ae7fd0a51628c90665 /ipapython/ssh.py
parent	b18a35145df92522ae990e020513d1a77e311493 (diff)
download	freeipa-0c4a91348a57ee941db94b31f59952eb1fcd4565.tar.gz freeipa-0c4a91348a57ee941db94b31f59952eb1fcd4565.tar.xz freeipa-0c4a91348a57ee941db94b31f59952eb1fcd4565.zip

Add cert checks in ipa-server-certinstall

When ipa-server-certinstall is called to install a new server certificate, the prerequisite is that the certificate issuer must be already known by IPA. This fix adds new checks to make sure that the tool exits before modifying the target NSS database if it is not the case. The fix consists in creating a temp NSS database with the CA certs from the target NSS database + the new server cert and checking the new server cert validity. https://fedorahosted.org/freeipa/ticket/6263 Reviewed-By: Jan Cholasta <jcholast@redhat.com>

Diffstat (limited to 'ipapython/ssh.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: