From 80b544eb5a6dbb99620c0e196126c0d934134e7b Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mar 07 2013 08:40:21 +0000
Subject: Don't base64-encode the CA cert when uploading it during an upgrade.


We want to store the raw value. Tools like ldapsearch will automatically
base64 encode the value because it's binary so we don't want to duplicate
that.

https://fedorahosted.org/freeipa/ticket/3477

---

diff --git a/ipaserver/install/plugins/upload_cacrt.py b/ipaserver/install/plugins/upload_cacrt.py
index d60247b..a82fc36 100644
--- a/ipaserver/install/plugins/upload_cacrt.py
+++ b/ipaserver/install/plugins/upload_cacrt.py
@@ -39,7 +39,6 @@ class update_upload_cacrt(PostUpdate):
         certdb = certs.CertDB(api.env.realm, nssdir=dirname, subject_base=subject_base)
 
         dercert = certdb.get_cert_from_db(certdb.cacert_name, pem=False)
-        cadercert = base64.b64encode(dercert)
 
         updates = {}
         dn = DN(('cn', 'CACert'), ('cn', 'ipa'), ('cn','etc'), api.env.basedn)
@@ -47,7 +46,7 @@ class update_upload_cacrt(PostUpdate):
         cacrt_entry = ['objectclass:nsContainer',
                        'objectclass:pkiCA',
                        'cn:CAcert',
-                       'cACertificate;binary:%s' % cadercert,
+                       'cACertificate;binary:%s' % dercert,
                       ]
         updates[dn] = {'dn': dn, 'default': cacrt_entry}