From 2628a593d2b15f442c51d6f17d91b81c933cf0e7 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Jul 09 2013 18:23:25 +0000
Subject: Skip cert issuer validation in service and host commands in CA-less install.


https://fedorahosted.org/freeipa/ticket/3736

---

diff --git a/ipalib/x509.py b/ipalib/x509.py
index dc5418e..ca6eac5 100644
--- a/ipalib/x509.py
+++ b/ipalib/x509.py
@@ -61,9 +61,12 @@ def subject_base():
     return _subject_base
 
 def valid_issuer(issuer):
+    if not api.env.enable_ra:
+        return True
     # Handle all supported forms of issuer -- currently dogtag only.
     if api.env.ra_plugin == 'dogtag':
         return DN(issuer) == DN(('CN', 'Certificate Authority'), subject_base())
+    return True
 
 def strip_header(pem):
     """