[Pki-devel] [PATCH] 283 -- fix pki export into pkcs12
Ade Lee
alee at redhat.com
Thu Mar 3 19:48:29 UTC 2016
Fix pkcs12 export
The utility for exporting certs and keys to a PKCS12 file
did not handle the signing certificate correctly. This is
because the signing certificate was imported multiple times
during the export process - either with its key (and key id set)
or as part of the cert chain for the other system certs (with
no key set).
Each import would override the previous import - so whether
or not the key_id was set would depend on the order in which
the certificates were imported.
This becomes an issue for import into a clone certdb, because in
the new mechanism, we rely on the cert attributes (ie. key_id) to
determine if a key is to be imported or not.
We fix this by specifying whether the entry in the export should
be overwritten or not.
Please review,
Ade
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0283-Fix-pkcs12-export.patch
Type: text/x-patch
Size: 4123 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20160303/052835ed/attachment.bin>
More information about the Pki-devel
mailing list