389-ds-base

Clone
Source Code
GIT

#49653 Ticket 49650 - lib389 enable_tls doesn't work on F28
Closed 3 years ago by spichugi. Opened 6 years ago by spichugi.
spichugi/389-ds-base tls_f28_fix  into  master

file modified
+2 
@@ -176,6 +176,8 @@ 
 

              'CT,,',
 

              '-v',
 

              '%s' % VALID,
 

+             '--keyUsage',
 

+             'certSigning',
 

              '-d',
 

              self._certdb,
 

              '-z',

Bug Description: In the lib389 we have the method inst.enable_tls().
It creates certificates and sets up the server for TLS communication.
It works on F27 built from master branch and doesn't work on F28.
It happens because on F28 openssl fails to verify the certificate.

Fix Description: We should create CA with an appropriate flag.
It can be done by setting an X.509 V3 Certificate Type Extension
in the certificate to 'certSigning' value.

https://pagure.io/389-ds-base/issue/49650

Author: mhonek

Review by: spichugi

Ack from me.

rebased onto d214765
6 years ago

Pull-Request has been merged by spichugi
6 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This pull request has been cloned to Github as issue and is available here:
- https://github.com/389ds/389-ds-base/issues/2712

If you want to continue to work on the PR, please navigate to the github issue,
download the patch from the attachments and file a new pull request.

Thank you for understanding. We apologize for all inconvenience.

Pull-Request has been closed by spichugi
3 years ago
Metadata
None
No Tags
Changes Summary 1
+2 -0
file changed
src/lib389/lib389/nss_ssl.py
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.