-
Notifications
You must be signed in to change notification settings - Fork 138
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix incorrect default signing algorithm
The PKIDeployer.update_system_cert() was incorrectly setting the default signing algorithm param in CS.cfg for all certs using the key algorithm param in pkispawn which could cause a problem if the key algorithm and signing algorithm are not the same. The code has been modified to set the param properly using the signing algorithm param in pkispawn for CA/OCSP/audit signing certs only. This param is not used by other certs so it does not need to be set for those certs. The pki-server ca-config-show CLI has been updated to return a non-zero code if the param being requested doesn't exist. The tests have been updated to use different key and signing algorithms. #4518
- Loading branch information
Showing
6 changed files
with
102 additions
and
89 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.