c7cc989 certdb: ensure non-empty Subject Key Identifier

1 file. Authored by ftweedal 5 years ago, committed by cheimes 5 years ago.
    certdb: ensure non-empty Subject Key Identifier
    
    Installation or IPA CA renewal with externally-signed CA accepts an
    IPA CA certificate with empty Subject Key Identifier. This is
    technically legal in X.509, but is an operational issue.
    Furthermore, due to an extant bug in Dogtag
    (https://pagure.io/dogtagpki/issue/3079) it will cause Dogtag
    startup failure.
    
    Reject CA certificates with empty Subject Key Identifier.
    
    Fixes: https://pagure.io/freeipa/issue/7762
    Reviewed-By: Christian Heimes <cheimes@redhat.com>
    
        
file modified
+4 -1
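
The check described in the commit message, as an added example that is not FreeIPA's code: a small DER walk over an X.509 Extensions value that rejects an empty Subject Key Identifier. The function names and sample bytes are assumptions made for illustration; an absent extension returns None here, since the page only speaks of the empty case.

```python
# Added example, not FreeIPA code. The sample bytes below are constructed.
SKI_OID = bytes.fromhex("551d0e")  # id-ce-subjectKeyIdentifier (2.5.29.14)
EMPTY_SKI = bytes.fromhex("300b30090603551d0e04020400")
GOOD_SKI = bytes.fromhex("300f300d0603551d0e0406040401020304")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length exceeds buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the content of a constructed element into (tag, value) pairs."""
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def check_ski(extensions_der):
    """Return the SKI bytes, None if the extension is absent; raise if empty."""
    tag, exts, _ = read_tlv(extensions_der, 0)
    if tag != 0x30:
        raise ValueError("Extensions is not a SEQUENCE")
    for ext_tag, ext in children(exts):
        fields = children(ext) if ext_tag == 0x30 else []
        if not fields or fields[0] != (0x06, SKI_OID):
            continue
        # extnValue is last; an optional BOOLEAN 'critical' may precede it.
        outer_tag, outer = fields[-1]
        inner_tag, key_id, _ = read_tlv(outer, 0)
        if outer_tag != 0x04 or inner_tag != 0x04:
            raise ValueError("malformed Subject Key Identifier")
        if not key_id:
            raise ValueError("empty Subject Key Identifier")
        return key_id
    return None
```

`check_ski(GOOD_SKI)` returns the four key identifier bytes, while `check_ski(EMPTY_SKI)` raises `ValueError` because the inner OCTET STRING has zero length.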