URL: https://github.com/freeipa/freeipa/pull/348 Author: jcholast Title: #348: ca: fix ca-find with --pkey-only Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/348/head:pr348 git checkout pr348
From fde228a0e0cffe754c7b420a3a1d87af46f7d995 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Fri, 16 Dec 2016 14:19:00 +0100
Subject: [PATCH] ca: fix ca-find with --pkey-only
Since commit 32b1743e5fb318b226a602ec8d9a4b6ef2a25c9d, ca-find will fail with internal error if --pkey-only is specified, because the code to look up the CA certificate and certificate chain assumes that the ipaCAId attribute is always present in the result. Fix this by not attempting to lookup the certificate / chain at all when --pkey-only is specified. https://fedorahosted.org/freeipa/ticket/6178
---
 ipaserver/plugins/ca.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/ipaserver/plugins/ca.py b/ipaserver/plugins/ca.py
index 2510a79..f02c144 100644
--- a/ipaserver/plugins/ca.py
+++ b/ipaserver/plugins/ca.py
@@ -162,7 +162,10 @@ class ca(LDAPObject):
 def set_certificate_attrs(entry, options, want_cert=True):
- ca_id = entry['ipacaid'][0]
+ try:
+ ca_id = entry['ipacaid'][0]
+ except KeyError:
+ return
 full = options.get('all', False)
 want_chain = options.get('chain', False)
@@ -192,8 +195,9 @@ class ca_find(LDAPSearch):
 def execute(self, *keys, **options):
 ca_enabled_check()
 result = super(ca_find, self).execute(*keys, **options)
- for entry in result['result']:
- set_certificate_attrs(entry, options, want_cert=False)
+ if not options.get('pkey_only', False):
+ for entry in result['result']:
+ set_certificate_attrs(entry, options, want_cert=False)
 return result
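Review bot: The new `except KeyError: return` at the top of set_certificate_attrs silently skips every entry that lacks ipacaid, not only the --pkey-only case that the second hunk already guards in ca_find.execute. An entry that should carry the attribute but does not would then come back with no certificate or chain and no indication why, which is easy to misread as "this CA has no certificate". If the fallback is meant for other callers that restrict the returned attributes, state that in a comment above the try, for example `# ipacaid is absent when the search did not return it; nothing to look up`; otherwise consider relying on the pkey_only guard alone so an unexpected absence still surfaces as an error. The body of set_certificate_attrs continues outside the hunk.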
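Review bot: Nothing in this patch pins the regression it fixes: the diffstat lists only ipaserver/plugins/ca.py, so the `--pkey-only` path in ca_find.execute remains untested. A test that calls ca-find with pkey_only set and checks that it returns without an internal error, and without certificate attributes in the entries, would keep a later refactor of set_certificate_attrs from reintroducing the failure. A one-line comment above the new condition, such as `# pkey-only results carry no ipacaid, so skip the certificate lookup`, would also explain why the loop is conditional.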