diff options
| author | Fraser Tweedale <ftweedal@redhat.com> | 2019-05-29 13:22:35 +1000 |
|---|---|---|
| committer | Fraser Tweedale <ftweedal@redhat.com> | 2019-06-11 16:14:44 +1000 |
| commit | ad7472970305f7be2d3afc65fda1e86296d118dd (patch) | |
| tree | b480ac359f5b5ed644421f9d3cbf0f05fbc23658 /ipapython | |
| parent | df99680eadcce43582d925711acab04f521e4aad (diff) | |
| download | freeipa-ad7472970305f7be2d3afc65fda1e86296d118dd.tar.gz freeipa-ad7472970305f7be2d3afc65fda1e86296d118dd.tar.xz freeipa-ad7472970305f7be2d3afc65fda1e86296d118dd.zip | |
dn: sort AVAs when converting from x509.Name
Equal DNs with multi-valued RDNs can compare inequal if one (or
both) is constructed from a cryptography.x509.Name, because the AVAs
in the multi-valued RDNs are not being sorted.
Sort the AVAs when constructing from Name and add test cases for
equality checks on multi-valued RDNs constructed from inputs with
permuted AVA order.
Part of: https://pagure.io/freeipa/issue/7963
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'ipapython')
| -rw-r--r-- | ipapython/dn.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/ipapython/dn.py b/ipapython/dn.py index fda28a3f9..aa15c19ca 100644 --- a/ipapython/dn.py +++ b/ipapython/dn.py @@ -1141,6 +1141,8 @@ class DN: ava.value) for ava in rdn] for rdn in value.rdns ])) + for rdn in rdns: + sort_avas(rdn) else: raise TypeError( "must be str, unicode, tuple, Name, RDN or DN, got %s instead" |