From f6f8307be282e96df4fa4f35e83f1ff17403cf86 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mar 07 2013 08:40:07 +0000
Subject: Don't base64-encode the CA cert when uploading it during an upgrade.


We want to store the raw value. Tools like ldapsearch will automatically
base64 encode the value because it's binary so we don't want to duplicate
that.

https://fedorahosted.org/freeipa/ticket/3477

---

diff --git a/ipaserver/install/plugins/upload_cacrt.py b/ipaserver/install/plugins/upload_cacrt.py
index d60247b..a82fc36 100644
--- a/ipaserver/install/plugins/upload_cacrt.py
+++ b/ipaserver/install/plugins/upload_cacrt.py
@@ -39,7 +39,6 @@ class update_upload_cacrt(PostUpdate):
         certdb = certs.CertDB(api.env.realm, nssdir=dirname, subject_base=subject_base)
 
         dercert = certdb.get_cert_from_db(certdb.cacert_name, pem=False)
-        cadercert = base64.b64encode(dercert)
 
         updates = {}
         dn = DN(('cn', 'CACert'), ('cn', 'ipa'), ('cn','etc'), api.env.basedn)
@@ -47,7 +46,7 @@ class update_upload_cacrt(PostUpdate):
         cacrt_entry = ['objectclass:nsContainer',
                        'objectclass:pkiCA',
                        'cn:CAcert',
-                       'cACertificate;binary:%s' % cadercert,
+                       'cACertificate;binary:%s' % dercert,
                       ]
         updates[dn] = {'dn': dn, 'default': cacrt_entry}