diff options
author | Stanislav Laznicka <slaznick@redhat.com> | 2017-01-06 09:08:52 +0100 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2017-02-23 18:59:01 +0100 |
commit | e2d1b21c5049f68d0336dcaf3f8657b214a34e2b (patch) | |
tree | 848e15f28c283cb4f8ea60c2a1b21cc536e9e98f /ipaserver/plugins | |
parent | dcb618152572ca013a447336e13d24399b5f7960 (diff) | |
download | freeipa-e2d1b21c5049f68d0336dcaf3f8657b214a34e2b.tar.gz freeipa-e2d1b21c5049f68d0336dcaf3f8657b214a34e2b.tar.xz freeipa-e2d1b21c5049f68d0336dcaf3f8657b214a34e2b.zip |
Remove md5_fingerprints from IPA
MD5 is a grandpa and FIPS does not like it at all.
https://fedorahosted.org/freeipa/ticket/5695
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
Diffstat (limited to 'ipaserver/plugins')
-rw-r--r-- | ipaserver/plugins/cert.py | 7 | ||||
-rw-r--r-- | ipaserver/plugins/host.py | 4 | ||||
-rw-r--r-- | ipaserver/plugins/internal.py | 1 | ||||
-rw-r--r-- | ipaserver/plugins/service.py | 6 |
4 files changed, 0 insertions, 18 deletions
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py index 08521974f..585a70ef9 100644 --- a/ipaserver/plugins/cert.py +++ b/ipaserver/plugins/cert.py @@ -346,11 +346,6 @@ class BaseCertObject(Object): flags={'no_create', 'no_update', 'no_search'}, ), Str( - 'md5_fingerprint', - label=_('Fingerprint (MD5)'), - flags={'no_create', 'no_update', 'no_search'}, - ), - Str( 'sha1_fingerprint', label=_('Fingerprint (SHA1)'), flags={'no_create', 'no_update', 'no_search'}, @@ -393,8 +388,6 @@ class BaseCertObject(Object): obj['valid_not_after'] = x509.format_datetime( cert.not_valid_after) if full: - obj['md5_fingerprint'] = x509.to_hex_with_colons( - cert.fingerprint(hashes.MD5())) obj['sha1_fingerprint'] = x509.to_hex_with_colons( cert.fingerprint(hashes.SHA1())) diff --git a/ipaserver/plugins/host.py b/ipaserver/plugins/host.py index 58e711f34..7ceec8eb4 100644 --- a/ipaserver/plugins/host.py +++ b/ipaserver/plugins/host.py @@ -510,10 +510,6 @@ class host(LDAPObject): label=_('Not After'), flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'}, ), - Str('md5_fingerprint', - label=_('Fingerprint (MD5)'), - flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'}, - ), Str('sha1_fingerprint', label=_('Fingerprint (SHA1)'), flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'}, diff --git a/ipaserver/plugins/internal.py b/ipaserver/plugins/internal.py index 0a8139ec0..e82e5fcd4 100644 --- a/ipaserver/plugins/internal.py +++ b/ipaserver/plugins/internal.py @@ -427,7 +427,6 @@ class i18n_messages(Command): "issued_on": _("Issued On"), "issued_to": _("Issued To"), "key_compromise": _("Key Compromise"), - "md5_fingerprint": _("MD5 Fingerprint"), "missing": _("No Valid Certificate"), "new_certificate": _("New Certificate"), "new_cert_format": _("Certificate in base64 or PEM format"), diff --git a/ipaserver/plugins/service.py b/ipaserver/plugins/service.py index 0c498084a..3349889e0 100644 --- a/ipaserver/plugins/service.py +++ b/ipaserver/plugins/service.py @@ -274,8 +274,6 @@ def set_certificate_attrs(entry_attrs): entry_attrs['valid_not_before'] = x509.format_datetime( cert.not_valid_before) entry_attrs['valid_not_after'] = x509.format_datetime(cert.not_valid_after) - entry_attrs['md5_fingerprint'] = x509.to_hex_with_colons( - cert.fingerprint(hashes.MD5())) entry_attrs['sha1_fingerprint'] = x509.to_hex_with_colons( cert.fingerprint(hashes.SHA1())) @@ -504,10 +502,6 @@ class service(LDAPObject): label=_('Not After'), flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'}, ), - Str('md5_fingerprint', - label=_('Fingerprint (MD5)'), - flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'}, - ), Str('sha1_fingerprint', label=_('Fingerprint (SHA1)'), flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'}, |