From 720034f1b440135671d03596368ed5e9e5a0f3c3 Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Apr 03 2017 12:40:55 +0000 Subject: certdb: fix `AttributeError` in `verify_ca_cert_validity` `NSSDatabase.verify_ca_cert_validity` tries to access a property of basic constraints extension on the extension object itself rather than its value. Access the attribute on the correct object to fix the issue. Reviewed-By: Stanislav Laznicka --- diff --git a/ipapython/certdb.py b/ipapython/certdb.py index 82b3869..4485f73 100644 --- a/ipapython/certdb.py +++ b/ipapython/certdb.py @@ -569,7 +569,7 @@ class NSSDatabase(object): except cryptography.x509.ExtensionNotFound: raise ValueError("missing basic constraints") - if not bc.ca: + if not bc.value.ca: raise ValueError("not a CA certificate") try: