summaryrefslogtreecommitdiffstats
path: root/ipapython/certdb.py
diff options
context:
space:
mode:
Diffstat (limited to 'ipapython/certdb.py')
-rw-r--r--ipapython/certdb.py7
1 files changed, 6 insertions, 1 deletions
diff --git a/ipapython/certdb.py b/ipapython/certdb.py
index 4645b406e..5a6e494fb 100644
--- a/ipapython/certdb.py
+++ b/ipapython/certdb.py
@@ -494,7 +494,12 @@ class NSSDatabase(object):
cert = nss.find_cert_from_nickname(nickname)
if not cert.subject:
raise ValueError("has empty subject")
- if not cert.is_ca_cert():
+ try:
+ bc = cert.get_extension(nss.SEC_OID_X509_BASIC_CONSTRAINTS)
+ except KeyError:
+ raise ValueError("missing basic constraints")
+ bc = nss.BasicConstraints(bc.value)
+ if not bc.is_ca:
raise ValueError("not a CA certificate")
intended_usage = nss.certificateUsageSSLCA
try:
generated by cgit (git 2.34.1) at 2026-01-08 13:46:35 +0000