From 34dc75802c41535519c392096d935f0a8ebeedb3 Mon Sep 17 00:00:00 2001
|
|
From: Alexander Bokovoy <abokovoy@redhat.com>
|
|
Date: Sun, 30 Mar 2025 12:55:19 +0300
|
|
Subject: [PATCH] Fix CA certificates iteration
|
|
|
|
FreeIPA fix for https://pagure.io/freeipa/issue/9652 now produces five
|
|
elements tuple when iterating over CA certificate list, the last element
|
|
being the serial number. We do not need it, so extract only the first
|
|
four elements (certificate, nickname, trusted, EKU).
|
|
|
|
The regression was introduced by FreeIPA commit
|
|
f91b677ada376034b25d50e78475237c5976770e.
|
|
|
|
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
|
|
---
|
|
roles/ipaclient/library/ipaclient_setup_nss.py | 8 +++++---
|
|
1 file changed, 5 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/roles/ipaclient/library/ipaclient_setup_nss.py b/roles/ipaclient/library/ipaclient_setup_nss.py
|
|
index 09ddef5..d9fdda6 100644
|
|
--- a/roles/ipaclient/library/ipaclient_setup_nss.py
|
|
+++ b/roles/ipaclient/library/ipaclient_setup_nss.py
|
|
@@ -340,17 +340,19 @@ def main():
|
|
ca_subject)
|
|
ca_certs_trust = [(c, n,
|
|
certstore.key_policy_to_trust_flags(t, True, u))
|
|
- for (c, n, t, u) in ca_certs]
|
|
+ for (c, n, t, u) in [x[0:4] for x in ca_certs]]
|
|
|
|
if hasattr(paths, "KDC_CA_BUNDLE_PEM"):
|
|
x509.write_certificate_list(
|
|
- [c for c, n, t, u in ca_certs if t is not False],
|
|
+ [c for c, n, t, u in [x[0:4] for x in ca_certs]
|
|
+ if t is not False],
|
|
paths.KDC_CA_BUNDLE_PEM,
|
|
# mode=0o644
|
|
)
|
|
if hasattr(paths, "CA_BUNDLE_PEM"):
|
|
x509.write_certificate_list(
|
|
- [c for c, n, t, u in ca_certs if t is not False],
|
|
+ [c for c, n, t, u in [x[0:4] for x in ca_certs]
|
|
+ if t is not False],
|
|
paths.CA_BUNDLE_PEM,
|
|
# mode=0o644
|
|
)
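Review bot: The `x[0:4]` slice is repeated in all three comprehensions (the `ca_certs_trust` list and both `write_certificate_list` calls), so the tuple layout that decides which CAs receive trust flags and land in the bundles is encoded in three places. Normalising once before the first use, `ca_certs = [x[0:4] for x in ca_certs]`, would let the three original comprehensions stay unchanged and keep the `t is not False` filter reading the same field everywhere. A comment there such as `# newer FreeIPA (issue 9652) yields (cert, nickname, trusted, EKU, serial); only the first four are used` would record why positional slicing is safe. The assignment to `ca_certs` and the rest of `main()` lie outside the hunk, so the exact placement needs checking against the full file.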
|
|
--
|
|
2.49.0
|
|
|