[Freeipa-devel] [PATCH 0288] certs: Fix incorrect flag handling in load_cacert
Jan Cholasta
jcholast at redhat.com
Tue Dec 2 12:45:45 UTC 2014
Hi,
On 2.12.2014 at 13:16, Tomas Babej wrote:
> Hi,
>
> For CA certificates that are not certificates of IPA CA, we incorrectly
> set the trust flags to ",,", regardless of what actual trust_flags
> parameter was passed.
>
> Make the load_cacert method respect trust_flags and make "C,," the default
> set of trust flags.
For unknown CA certificates, you must keep the default ",," and
explicitly override it where necessary. We don't want to trust *any* CA
certificate to issue server certs.
>
> https://fedorahosted.org/freeipa/ticket/4779
Honza
--
Jan Cholasta
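
A check for the concern raised in this thread, as an added example that is not part of the original message or of the FreeIPA code: it parses a `certutil -L` style listing and reports CA nicknames that carry the `C` flag (trusted CA to issue server certificates) in the SSL field without being allow-listed. The listing, the nicknames and the allow-list are constructed for illustration.

```python
import re

# Constructed sample in the layout printed by `certutil -L -d <db>` (not from the thread).
SAMPLE_LISTING = """\

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

EXAMPLE.TEST IPA CA                                          CT,C,C
Server-Cert                                                  u,u,u
External Root CA                                             C,,
Unknown Intermediate CA                                      ,,
"""

# A data row ends with the trust string: three comma-separated flag fields
# (SSL, S/MIME, code signing). The column header row contains "/" and is skipped.
ROW = re.compile(r"^(?P<nick>\S.*?)\s{2,}(?P<flags>[pPcCTuw]*,[pPcCTuw]*,[pPcCTuw]*)\s*$")


def parse_listing(text):
    """Return {nickname: (ssl, email, objsign)} for every certificate row."""
    entries = {}
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            entries[match.group("nick")] = tuple(match.group("flags").split(","))
    return entries


def unexpected_server_issuers(entries, allowed):
    """Nicknames with 'C' in the SSL field that are not in the allow-list.

    'C' in the first field marks a CA trusted to issue server certificates,
    which is the trust the reply above says must not be granted by default.
    """
    return sorted(
        nick for nick, (ssl, _email, _objsign) in entries.items()
        if "C" in ssl and nick not in allowed
    )


if __name__ == "__main__":
    found = parse_listing(SAMPLE_LISTING)
    # Assumption: only the deployment's own CA should be a server-cert issuer.
    for nick in unexpected_server_issuers(found, {"EXAMPLE.TEST IPA CA"}):
        print("unexpected server-cert trust: %s (%s)" % (nick, ",".join(found[nick])))
```
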