[patch] fix signing of certmaster certs with certmaster-ca

Adrian Likins <alikins@xxxxxxxxxx> · Tue, 18 May 2010 12:34:11 -0400

When attempting to sign a cert request with "certmaster-ca --sign" I was 
getting errors about "CA:False" not
existing. This changes that to "CA:FALSE" and seems to fix the issue.

Adrian
>From 293d5d60a5da1c16d6106c4db642bfee91fd803a Mon Sep 17 00:00:00 2001
From: Adrian Likins <alikins@xxxxxxxxxx>
Date: Tue, 18 May 2010 12:31:11 -0400
Subject: [PATCH] Sign a cert with CA:FALSE, not CA:False as this was causing cert
 signing to fail

---
 certmaster/certs.py |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/certmaster/certs.py b/certmaster/certs.py
index da0942f..9367fed 100644
--- a/certmaster/certs.py
+++ b/certmaster/certs.py
@@ -142,7 +142,7 @@ def create_slave_certificate(csr, cakey, cacert, cadir, slave_cert_file=None):
     cert.set_subject(csr.get_subject())
     cert.set_pubkey(csr.get_pubkey())
     cert.set_version(2)
-    xt = crypto.X509Extension('basicConstraints', False ,'CA:False')
+    xt = crypto.X509Extension('basicConstraints', False ,'CA:FALSE')
     # FIXME - add subjectkeyidentifier and authoritykeyidentifier extensions, too)    
     cacert.add_extensions((xt,))
     cert.sign(cakey, 'sha1')
-- 
1.6.2.5

_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list



