Commit - freeipa - ba25408d997ec064038ee815e970b4b39a633f16

freeipa

`ba25408` Fix ca less IPA install on fips mode

Authored and Committed by frenaud 6 years ago

raw patch tree parent

1 file changed. 4 lines added. 0 lines removed.

    Fix ca less IPA install on fips mode
    
    When ipa-server-install is run in fips mode and ca-less, the installer
    fails when the keys are provided with --{http|dirsrv|pkinit}-cert-file
    in a separate key file.
    
    The installer transforms the key into PKCS#8 format using
    openssl pkcs8 -topk8
    but this command fails on a fips-enabled server, unless the options
    -v2 aes256 -v2prf hmacWithSHA256
    are also provided.
    
    Fixes:
    https://pagure.io/freeipa/issue/7280
    
    Reviewed-By: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>

ipapython/certdb.py

file modified

+4 -0

freeipa

Source Code

ba25408 Fix ca less IPA install on fips mode

Authored and Committed by frenaud 6 years ago

`ba25408` Fix ca less IPA install on fips mode