[Freeipa-devel] [PATCH 019] Asymmetric vault: validate public key in client

Petr Vobornik pvoborni at redhat.com
Thu Aug 13 10:10:13 UTC 2015


On 07/23/2015 08:38 PM, Christian Heimes wrote:
> The ipa vault commands now load the public keys in order to verify them.
> The validation also prevents a user from accidentally sending her
> private keys to the server. The patch fixes #5142 and #5142.
>
> $ ./ipa vault-add AsymmetricVault --desc "Asymmetric vault" --type
> asymmetric --public-key-file mykey.pem
> ipa: ERROR: invalid 'ipavaultpublickey': Invalid or unsupported vault
> public key: Could not unserialize key data.
>
> https://fedorahosted.org/freeipa/ticket/5142
> https://fedorahosted.org/freeipa/ticket/5143
>

ACK as fix for 5142.

I don't think that it fixes 5143. The traceback is fixed, therefore 5143 
doesn't occur, but if there were another traceback raised by 
`self.api.Command.vault_archive(*args, **opts)`, then the vault added in 
`response = self.api.Command.vault_add_internal(*args, **options)` would 
still be created.
-- 
Petr Vobornik
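
The client-side check discussed in this thread, as an added example that is not part of the original message and is not FreeIPA's code: a stdlib-only structural pre-check that refuses PEM private keys before anything is sent to a server. The function names and the sample key bytes are assumptions constructed for illustration. Unlike the patch, which loads the key, this does not verify the key material itself.

```python
import base64
import binascii
import re

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s*-----END \1-----", re.S)


def der_sequence_ok(der):
    """True if der is exactly one DER SEQUENCE with a consistent length."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    length, offset = der[1], 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        length = int.from_bytes(der[2:2 + n], "big")
        offset = 2 + n
    return offset + length == len(der)


def check_vault_public_key(pem_text):
    """Return the DER bytes of a PEM public key or raise ValueError."""
    match = PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no PEM block found")
    label, body = match.group(1), match.group(2)
    if "PRIVATE KEY" in label:  # PKCS#8, PKCS#1, EC and encrypted variants
        raise ValueError("refusing to send a private key to the server")
    if label != "PUBLIC KEY":  # only SubjectPublicKeyInfo is accepted here
        raise ValueError("unsupported PEM label: " + label)
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except binascii.Error:
        raise ValueError("PEM body is not valid base64")
    if not der_sequence_ok(der):
        raise ValueError("PEM body is not a DER SubjectPublicKeyInfo")
    return der


def to_pem(label, der):
    """Wrap DER bytes in PEM armor (used for the constructed samples)."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (
        label, "\n".join(lines), label)


# Constructed sample: Ed25519 SubjectPublicKeyInfo header + 32 filler bytes.
SAMPLE_SPKI = bytes.fromhex("302a300506032b6570032100") + bytes(range(32))
```

Running a check like this before the vault is created on the server means a rejected key file leaves nothing behind to clean up.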



