summaryrefslogtreecommitdiffstats
path: root/ipapython
diff options
context:
space:
mode:
authorFlorence Blanc-Renaud <flo@redhat.com>2016-09-01 13:56:24 +0200
committerJan Cholasta <jcholast@redhat.com>2016-09-19 07:58:44 +0200
commit0c4a91348a57ee941db94b31f59952eb1fcd4565 (patch)
treeeb641a7d61a35bcf6a29a1ae7fd0a51628c90665 /ipapython
parentb18a35145df92522ae990e020513d1a77e311493 (diff)
downloadfreeipa-0c4a91348a57ee941db94b31f59952eb1fcd4565.tar.gz
freeipa-0c4a91348a57ee941db94b31f59952eb1fcd4565.tar.xz
freeipa-0c4a91348a57ee941db94b31f59952eb1fcd4565.zip
Add cert checks in ipa-server-certinstall
When ipa-server-certinstall is called to install a new server certificate, the prerequisite is that the certificate issuer must be already known by IPA. This fix adds new checks to make sure that the tool exits before modifying the target NSS database if it is not the case. The fix consists in creating a temp NSS database with the CA certs from the target NSS database + the new server cert and checking the new server cert validity. https://fedorahosted.org/freeipa/ticket/6263 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipapython')
0 files changed, 0 insertions, 0 deletions
generated by cgit (git 2.34.1) at 2026-02-12 03:29:20 +0000