When attempting to sign a cert request with "certmaster-ca --sign" I was getting errors about "CA:False" not
existing. This changes that to "CA:FALSE" and seems to fix the issue.
Adrian
>From 293d5d60a5da1c16d6106c4db642bfee91fd803a Mon Sep 17 00:00:00 2001 From: Adrian Likins <[email protected]> Date: Tue, 18 May 2010 12:31:11 -0400 Subject: [PATCH] Sign a cert with CA:FALSE, not CA:False as this was causing cert signing to fail --- certmaster/certs.py | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/certmaster/certs.py b/certmaster/certs.py index da0942f..9367fed 100644 --- a/certmaster/certs.py +++ b/certmaster/certs.py @@ -142,7 +142,7 @@ def create_slave_certificate(csr, cakey, cacert, cadir, slave_cert_file=None): cert.set_subject(csr.get_subject()) cert.set_pubkey(csr.get_pubkey()) cert.set_version(2) - xt = crypto.X509Extension('basicConstraints', False ,'CA:False') + xt = crypto.X509Extension('basicConstraints', False ,'CA:FALSE') # FIXME - add subjectkeyidentifier and authoritykeyidentifier extensions, too) cacert.add_extensions((xt,)) cert.sign(cakey, 'sha1') -- 1.6.2.5
_______________________________________________ Func-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/func-list
