projects / certmaster.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fc94644) | patch
Do not accept certificates that do not match our key.
authorJohn Eckersberg <jeckersb@redhat.com>
Tue, 14 Apr 2009 13:16:23 +0000 (09:16 -0400)
committerAdrian Likins <alikins@redhat.com>
Tue, 14 Apr 2009 15:29:06 +0000 (11:29 -0400)
commit4575d4c9942579a235eb7b46a726ddcd557a2edd
tree45b80d4b7968da3935d4d2d9f5c07aa45e365914tree | snapshot
parentfc94644e28f0af3ce765ec3f87138b264125dee0commit | diff
Do not accept certificates that do not match our key.

Usually this happens when a host is re-provisioned and you forget to
run certmaster-ca --clean afterwards to remove the old cert on the
certmaster.

Instead of accepting the cert and throwing a key-mismatch exception,
we log a useful hint to the log and to stderr.
certmaster/certs.py diff | blob | history
certmaster/utils.py diff | blob | history
Fedora's certmaster (https://fedorahosted.org/certmaster/) with multiple CA support