ca: fix ca-find with --pkey-only #348

@HonzaCholasta HonzaCholasta commented Dec 19, 2016

Since commit 32b1743, ca-find will fail
with internal error if --pkey-only is specified, because the code to
look up the CA certificate and certificate chain assumes that the ipaCAId
attribute is always present in the result.

Fix this by not attempting to lookup the certificate / chain at all when
--pkey-only is specified.

https://fedorahosted.org/freeipa/ticket/6178

@MartinBasti MartinBasti self-assigned this Dec 19, 2016
@frasertweedale
Contributor

IMO the current change is fine, but I would also implement a defensive guard within set_certificate_attrs in case this somehow happens in some other command.

def set_certificate_attrs(entry, options, want_cert=True):
    if 'ipacaid' not in entry:
        return
    ca_id = entry['ipacaid'][0]
    ...
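
The failure described in this pull request and the two fixes discussed (skipping the lookup in the caller, plus the defensive guard in the helper), as an added example that is not FreeIPA code and not part of the original thread. `CERT_STORE`, `search`, `ca_find_before`, `ca_find_after` and the two `set_certificate_attrs_*` variants are hypothetical stand-ins, and the entries are constructed sample data:

```python
# Simplified model of the bug; all names and data are assumptions for illustration.

# Constructed certificate store: CA id -> placeholder certificate
CERT_STORE = {"ca-1": "<constructed cert ca-1>", "ca-2": "<constructed cert ca-2>"}

# Constructed directory entries as a full search would return them
FULL_ENTRIES = [
    {"cn": ["ipa"], "ipacaid": ["ca-1"]},
    {"cn": ["sub"], "ipacaid": ["ca-2"]},
]
PKEY_ATTRS = ("cn",)  # with --pkey-only, only the primary key attribute is returned


def search(pkey_only):
    """Return copies of the entries, trimmed to the primary key if pkey_only."""
    if pkey_only:
        return [{k: e[k] for k in PKEY_ATTRS} for e in FULL_ENTRIES]
    return [dict(e) for e in FULL_ENTRIES]


def set_certificate_attrs_unguarded(entry):
    # Assumes 'ipacaid' is always present: raises KeyError on a trimmed entry,
    # which the caller surfaces as an internal error.
    ca_id = entry["ipacaid"][0]
    entry["certificate"] = CERT_STORE[ca_id]


def set_certificate_attrs_guarded(entry):
    # Defensive guard from the review comment: nothing to look up without the id.
    if "ipacaid" not in entry:
        return
    entry["certificate"] = CERT_STORE[entry["ipacaid"][0]]


def ca_find_before(pkey_only=False):
    """Behaviour described as broken: the lookup runs unconditionally."""
    entries = search(pkey_only)
    for entry in entries:
        set_certificate_attrs_unguarded(entry)
    return entries


def ca_find_after(pkey_only=False):
    """Behaviour after the fix: no certificate lookup at all when pkey_only."""
    entries = search(pkey_only)
    if not pkey_only:
        for entry in entries:
            set_certificate_attrs_guarded(entry)
    return entries
```
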

@frasertweedale
Contributor

LGTM

@HonzaCholasta
Contributor Author

@frasertweedale, is that an ACK? :-)

@frasertweedale
Contributor

It is an ACK. I don't have perms to add the label tho :)

@MartinBasti
Contributor

@frasertweedale your permissions have been upgraded :)

@frasertweedale frasertweedale added the ack Pull Request approved, can be merged label Jan 5, 2017
@frasertweedale
Contributor

Thanks @mbasti-rh !

@MartinBasti MartinBasti added the pushed Pull Request has already been pushed label Jan 5, 2017
@MartinBasti MartinBasti closed this Jan 5, 2017