diff options
| author | Tomas Babej <tbabej@redhat.com> | 2014-12-02 13:13:51 +0100 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2014-12-02 14:44:42 +0000 |
| commit | faec4ef9de431a1b72423be8ce6cea28a7221531 (patch) | |
| tree | f45d2ac529edf63547aa8d5acdc003ea7f109cdd /ipaserver/install/dsinstance.py | |
| parent | 79d9c4943617bf57fde4a38325cbc9a14d0ff495 (diff) | |
| download | freeipa-faec4ef9de431a1b72423be8ce6cea28a7221531.tar.gz freeipa-faec4ef9de431a1b72423be8ce6cea28a7221531.tar.xz freeipa-faec4ef9de431a1b72423be8ce6cea28a7221531.zip | |
certs: Fix incorrect flag handling in load_cacert
For CA certificates that are not certificates of IPA CA, we incorrectly
set the trust flags to ",,", regardless what the actual trust_flags
parameter was passed.
Make the load_cacert method respect trust_flags and make it a required
argument.
https://fedorahosted.org/freeipa/ticket/4779
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaserver/install/dsinstance.py')
| -rw-r--r-- | ipaserver/install/dsinstance.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 06c13c21d..66267f4cd 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -840,7 +840,7 @@ class DsInstance(service.Service): certdb.cacert_name = cacert_name status = True try: - certdb.load_cacert(cacert_fname) + certdb.load_cacert(cacert_fname, 'C,,') except ipautil.CalledProcessError, e: root_logger.critical("Error importing CA cert file named [%s]: %s" % (cacert_fname, str(e))) |