[Freeipa-devel] [PATCH] 41 Verify that the external CA certificate files are correct
Rob Crittenden
rcritten at redhat.com
Thu Aug 18 15:47:30 UTC 2011
Jan Cholasta wrote:
> On 17.8.2011 10:27, Jan Cholasta wrote:
>> Verify that --external_cert_file and --external_ca_file are both
>> readable, valid PEM files and that their subject/issuer is correct.
>>
>> Also fixes ipalib.x509.load_certificate_from_file.
>>
>> https://fedorahosted.org/freeipa/ticket/1572
>>
>> Honza
>>
>
> Patch attached.
nack, but this is very close.
If the CA is a chain the signing check may fail if the first cert isn't
the one that signed the CSR. You need to check all CA certs in the file.
rob
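
The check described in the review above, as an added example that is not code from the patch or from FreeIPA: scan every certificate in the CA file and report which one, if any, has a subject equal to the issuer of the certificate being installed. The function names are hypothetical, names are compared as raw DER bytes, and this is issuer/subject chaining only, not signature verification.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_certs(text):
    """DER bytes of every certificate in a PEM bundle, in file order."""
    return [base64.b64decode("".join(b.split())) for b in PEM_RE.findall(text)]

def read_tlv(buf, off):
    """Decode one DER TLV at off; return (tag, value_start, value_end)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                    # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER")
    return tag, off, off + length

def issuer_and_subject(der):
    """Raw DER encodings of the (issuer, subject) Names of an X.509 certificate."""
    _, pos, _ = read_tlv(der, 0)         # outer Certificate SEQUENCE
    _, pos, end = read_tlv(der, pos)     # tbsCertificate SEQUENCE
    fields = []
    while pos < end:                     # collect the top-level tbsCertificate fields
        tag, _, stop = read_tlv(der, pos)
        fields.append((tag, der[pos:stop]))
        pos = stop
    if fields and fields[0][0] == 0xA0:  # drop the optional [0] version field
        fields.pop(0)
    if len(fields) < 5:
        raise ValueError("not an X.509 certificate")
    # remaining order: serialNumber, signature, issuer, validity, subject, ...
    return fields[2][1], fields[4][1]

def find_issuing_ca(cert_der, ca_bundle_pem):
    """Index of the bundle certificate whose subject equals cert's issuer, else None.

    Every certificate in the bundle is examined, so a chain file that lists the
    root first and the issuing CA later is still accepted.
    """
    issuer, _ = issuer_and_subject(cert_der)
    for i, ca_der in enumerate(pem_certs(ca_bundle_pem)):
        if issuer_and_subject(ca_der)[1] == issuer:
            return i
    return None
```

A result of `None` means no certificate in the CA file names itself as the issuer, so the file pair should be rejected.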