There are situations where IPA_CA_CERT is opened, download of the certificate from server failed and the file is closed again. This results in 0 byte size file. In 'install_check' function there is no check if the IPA_CA_CERT has some actual content, it just checks if the file exists and blindly uses existing cert instead of raising an error.
There should be a check if the file is empty which should then result in an error.
https://github.com/freeipa/freeipa/pull/7115
master:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.