freeipa

Clone
Source Code
GIT

8ab2977 Backport certs.py patches from master.

Authored and Committed by rcritten 14 years ago
raw patch tree parent
1 file changed. 63 lines added. 10 lines removed.
ipa-server/ipaserver/certs.py
file modified
+63 -10 
    Backport certs.py patches from master.
    
    Fix deprecation warning for the sha library on Python 2.6
    
    sha has been replaced by hashlib. We need to support Python 2.4 - 2.6 so
    this will use hashlib if available but fall back onto sha if not.
    Fortunately they use the same API for the function we need.
    
    509042
    
    Identify CAs to trust from an imported PKCS#12 file
    
    We used to use certutil -O to determine the cert chain to trust. This
    behavior changed in F-11 such that untrusted CAs are not displayed.
    This is only used when we import PKCS#12 files so use pk12util -l to
    display the list of certs and keys in the file to determine the nickname(s)
    of the CAs to trust.
    
    509111
    
    No need to trust NSS built-in CA's, more specific regex for finding CA nickname
    
    - Add some logging so we have a better idea of what happened if things fail
    - Default to self-signed CA to trust if one is not found. This will fix
      the self-signed CA case where certutil doesn't return untrusted CA's in
      -O output.
    - Remove unused httplib import
file modified
+63 -10
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.