rpms/ipa
7
0
Fork 0
Code Issues Pull Requests Releases Activity
b993dadc84
ipa/0007-ipa-p11-kit-fixes.patch
Alexander Bokovoy cca65702ef Another attempt at fixing bug 1491053
2017-10-16 21:58:23 +03:00

75 lines
2.9 KiB
Diff
Raw Blame History

From 912f42fe943bd407e0bb73df7c6b2ab2031a4f6e Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slaznick@redhat.com>
Date: Mon, 16 Oct 2017 13:29:07 +0200
Subject: [PATCH] p11-kit: add serial number in DER format
This causes Firefox to report our CA certificate as not-trustworthy.
We were previously doing this correctly, however it slipped as an
error due to certificate refactoring.
https://pagure.io/freeipa/issue/7210
---
ipalib/x509.py | 7 +++++++
ipaplatform/redhat/tasks.py | 4 ++--
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/ipalib/x509.py b/ipalib/x509.py
index 9f7a3c3115..205e2f82d3 100644
--- a/ipalib/x509.py
+++ b/ipalib/x509.py
@@ -123,18 +123,21 @@ def __init__(self, cert, backend=None):
# some field types encode-decoding is not strongly defined
self._subject = self.__get_der_field('subject')
self._issuer = self.__get_der_field('issuer')
+ self._serial_number = self.__get_der_field('serialNumber')
def __getstate__(self):
state = {
'_cert': self.public_bytes(Encoding.DER),
'_subject': self.subject_bytes,
'_issuer': self.issuer_bytes,
+ '_serial_number': self._serial_number,
}
return state
def __setstate__(self, state):
self._subject = state['_subject']
self._issuer = state['_issuer']
+ self._issuer = state['_serial_number']
self._cert = crypto_x509.load_der_x509_certificate(
state['_cert'], backend=default_backend())
@@ -216,6 +219,10 @@ def serial_number(self):
return self._cert.serial_number
@property
+ def serial_number_bytes(self):
+ return self._serial_number
+
+ @property
def version(self):
return self._cert.version
diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py
index 81c9286daf..0e7810f623 100644
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
@@ -274,7 +274,7 @@ def insert_ca_certs_into_systemwide_ca_store(self, ca_certs):
try:
subject = cert.subject_bytes
issuer = cert.issuer_bytes
- serial_number = cert.serial_number
+ serial_number = cert.serial_number_bytes
public_key_info = cert.public_key_info_bytes
except (PyAsn1Error, ValueError, CertificateError) as e:
logger.warning(
@@ -284,7 +284,7 @@ def insert_ca_certs_into_systemwide_ca_store(self, ca_certs):
label = urllib.parse.quote(nickname)
subject = urllib.parse.quote(subject)
issuer = urllib.parse.quote(issuer)
- serial_number = urllib.parse.quote(str(serial_number))
+ serial_number = urllib.parse.quote(serial_number)
public_key_info = urllib.parse.quote(public_key_info)
obj = ("[p11-kit-object-v1]\n"
Reference in New Issue View Git Blame Copy Permalink