Due to a recently added validation code, the headerless PKCS #7 data generated by IPA needs to be joined into a single line before storing it in CS.cfg.
Pushed to master under one-liner/trivial rule. -- Endi S. Dewata
>From 9ac5e454dafe0d88f174f067e5e47f9d926f00a7 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" <edew...@redhat.com> Date: Tue, 14 Jun 2016 05:55:01 +0200 Subject: [PATCH] Fixed problem with headerless PKCS #7 data. Due to a recently added validation code, the headerless PKCS #7 data generated by IPA needs to be joined into a single line before storing it in CS.cfg. --- base/common/python/pki/nssdb.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/base/common/python/pki/nssdb.py b/base/common/python/pki/nssdb.py index 2504a95797cae1eebe491df398d41c4129467650..0c27c3f19b6d938e4e335aaf0541d0ca0d0c1796 100644 --- a/base/common/python/pki/nssdb.py +++ b/base/common/python/pki/nssdb.py @@ -477,6 +477,13 @@ class NSSDatabase(object): else: # import PKCS #7 data without header/footer with open(cert_chain_file, 'r') as f: base64_data = f.read() + + # TODO: fix ipaserver/install/cainstance.py in IPA + # to no longer remove PKCS #7 header/footer + + # join base-64 data into a single line + base64_data = base64_data.replace('\r', '').replace('\n', '') + pkcs7_data = convert_pkcs7(base64_data, 'base64', 'pem') tmp_cert_chain_file = os.path.join(tmpdir, 'cert_chain.p7b') -- 2.5.5
_______________________________________________ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel