Enable certificate verification in PKIConnection
To PKIConnection's initialization handler, we introduce a new argument, cert_paths, which takes a string or iterable; each unit of which is treated as a capath or cafile depending on whether or not it is a directory. See ssl.SSLContext.load_verify_locations for more information.

This enables both PKI and IPA to specify independent CA file locations at the same time and have fallback if this does not work.

Because some users might've already loaded the CA certificate into the system-wide CA certificate store (if they're running Dogtag in production), we also include the global trust store.

Resolves: rh-bz#1426572
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
Showing 1 changed file with 58 additions and 3 deletions.
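The cert_paths handling described in the commit message, written out as an added example (not the code from this commit). The function name `build_verify_context`, the returned `loaded`/`skipped` lists and the skip-on-failure fallback are assumptions; `cert_paths` and `ssl.SSLContext.load_verify_locations` are from the message.

```python
import os
import ssl


def build_verify_context(cert_paths=None):
    """Return (context, loaded, skipped) for a verifying TLS client.

    Hypothetical helper: cert_paths is a string or an iterable of strings;
    directories are loaded as capath, everything else as cafile.
    """
    # create_default_context() enables CERT_REQUIRED and hostname checking
    # and loads the system-wide trust store, so a CA that is already
    # installed globally keeps working.
    ctx = ssl.create_default_context()

    if cert_paths is None:
        cert_paths = []
    elif isinstance(cert_paths, (str, bytes, os.PathLike)):
        # A bare string must not be iterated character by character.
        cert_paths = [cert_paths]

    loaded, skipped = [], []
    for path in cert_paths:
        try:
            if os.path.isdir(path):
                ctx.load_verify_locations(capath=path)
                loaded.append(("capath", path))
            else:
                ctx.load_verify_locations(cafile=path)
                loaded.append(("cafile", path))
        except OSError as exc:
            # Missing or unparsable files (ssl.SSLError is an OSError) are
            # recorded and skipped: the remaining paths and the system store
            # are the fallback. Verification itself is never switched off.
            skipped.append((path, exc))
    return ctx, loaded, skipped


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as ca_dir:  # constructed sample input
        missing = os.path.join(ca_dir, "no-such-ca.pem")
        ctx, loaded, skipped = build_verify_context([ca_dir, missing])
        print(loaded, [p for p, _ in skipped], ctx.verify_mode)
```

Logging the `skipped` list at startup makes a mistyped CA path visible instead of surfacing later as an unexplained handshake failure.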