[Pki-devel] [PATCH] 283 -- fix pki export into pkcs12
Ade Lee
alee at redhat.com
Thu Mar 3 20:36:30 UTC 2016
ACKed by Jack. Pushed to master.
On Thu, 2016-03-03 at 14:48 -0500, Ade Lee wrote:
> Fix pkcs12 export
>
> The utility for exporting certs and keys to a PKCS12 file
> did not handle the signing certificate correctly. This is
> because the signing certificate was imported multiple times
> during the export process - either with its key (and key id set)
> or as part of the cert chain for the other system certs (with
> no key set).
>
> Each import would override the previous import - so whether
> or not the key_id was set would depend on the order in which
> the certificates were imported.
>
> This becomes an issue for import into a clone certdb, because in
> the new mechanism, we rely on the cert attributes (ie. key_id) to
> determine if a key is to be imported or not.
>
> We fix this by specifying whether the entry in the export should
> be overwritten or not.
>
> Please review,
>
> Ade
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list