diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2013-03-06 14:28:18 -0500 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2013-03-07 09:40:07 +0100 |
| commit | f6f8307be282e96df4fa4f35e83f1ff17403cf86 (patch) | |
| tree | 319bd01979703f5a90f71843930f4868f42b90b2 /ipaserver | |
| parent | 0b0af8b233e787ca9742526aa72c88f10e37d3f6 (diff) | |
| download | freeipa-f6f8307be282e96df4fa4f35e83f1ff17403cf86.tar.gz freeipa-f6f8307be282e96df4fa4f35e83f1ff17403cf86.tar.xz freeipa-f6f8307be282e96df4fa4f35e83f1ff17403cf86.zip | |
Don't base64-encode the CA cert when uploading it during an upgrade.
We want to store the raw value. Tools like ldapsearch will automatically
base64 encode the value because it's binary so we don't want to duplicate
that.
https://fedorahosted.org/freeipa/ticket/3477
Diffstat (limited to 'ipaserver')
| -rw-r--r-- | ipaserver/install/plugins/upload_cacrt.py | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/ipaserver/install/plugins/upload_cacrt.py b/ipaserver/install/plugins/upload_cacrt.py index d60247b7c..a82fc36bf 100644 --- a/ipaserver/install/plugins/upload_cacrt.py +++ b/ipaserver/install/plugins/upload_cacrt.py @@ -39,7 +39,6 @@ class update_upload_cacrt(PostUpdate): certdb = certs.CertDB(api.env.realm, nssdir=dirname, subject_base=subject_base) dercert = certdb.get_cert_from_db(certdb.cacert_name, pem=False) - cadercert = base64.b64encode(dercert) updates = {} dn = DN(('cn', 'CACert'), ('cn', 'ipa'), ('cn','etc'), api.env.basedn) @@ -47,7 +46,7 @@ class update_upload_cacrt(PostUpdate): cacrt_entry = ['objectclass:nsContainer', 'objectclass:pkiCA', 'cn:CAcert', - 'cACertificate;binary:%s' % cadercert, + 'cACertificate;binary:%s' % dercert, ] updates[dn] = {'dn': dn, 'default': cacrt_entry} |