URL: https://github.com/freeipa/freeipa/pull/348
Author: jcholast
Title: #348: ca: fix ca-find with --pkey-only
Action: opened

PR body:
"""
Since commit 32b1743e5fb318b226a602ec8d9a4b6ef2a25c9d, ca-find will fail
with internal error if --pkey-only is specified, because the code to
look up the CA certificate and certificate chain assumes that the ipaCAId
attribute is always present in the result.

Fix this by not attempting to lookup the certificate / chain at all when
--pkey-only is specified.

https://fedorahosted.org/freeipa/ticket/6178
"""

To pull the PR as a Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/348/head:pr348
git checkout pr348

From dda67fc7ed2d45bf90ee795a7e20edd41931ceb1 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Fri, 16 Dec 2016 14:19:00 +0100
Subject: [PATCH] ca: fix ca-find with --pkey-only

Since commit 32b1743e5fb318b226a602ec8d9a4b6ef2a25c9d, ca-find will fail
with internal error if --pkey-only is specified, because the code to
look up the CA certificate and certificate chain assumes that the ipaCAId
attribute is always present in the result.

Fix this by not attempting to lookup the certificate / chain at all when
--pkey-only is specified.

https://fedorahosted.org/freeipa/ticket/6178
---
 ipaserver/plugins/ca.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ipaserver/plugins/ca.py b/ipaserver/plugins/ca.py
index 2510a79..72f5443 100644
--- a/ipaserver/plugins/ca.py
+++ b/ipaserver/plugins/ca.py
@@ -192,8 +192,9 @@ class ca_find(LDAPSearch):
     def execute(self, *keys, **options):
         ca_enabled_check()
         result = super(ca_find, self).execute(*keys, **options)
-        for entry in result['result']:
-            set_certificate_attrs(entry, options, want_cert=False)
+        if not options.get('pkey_only', False):
+            for entry in result['result']:
+                set_certificate_attrs(entry, options, want_cert=False)
         return result
 
 
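Review bot: The new `if not options.get('pkey_only', False):` guard in `ca_find.execute` handles the failure only at this call site; per the commit message, the assumption that `ipaCAId` is always present still sits in the certificate / chain lookup code, so an entry reaching `set_certificate_attrs` without that attribute by some other path could fail the same way. Consider also making the helper return early when the attribute is absent, or at least add a one-line comment above the guard saying why the lookup is skipped for `--pkey-only`. The diffstat shows only `ipaserver/plugins/ca.py` changed, so a regression test covering `ca-find --pkey-only` would be worth adding with this fix.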