URL:
https://github.com/freeipa/freeipa/pull/1217
Author: pvoborni
Title: #1217: [Backport][ipa-4-5] Include the CA basic constraint in CSRs when renewing
a CA
Action: opened
PR body:
"""
Opened manually as backport of #963
manual changes done on cherry-pick are:
```diff
diff --cc ipaserver/install/ipa_cacert_manage.py
index fcbf091,86243d3..0000000
--- a/ipaserver/install/ipa_cacert_manage.py
+++ b/ipaserver/install/ipa_cacert_manage.py
@@@ -309,8 -302,9 +309,9 @@@ class CACertManage(admintool.AdminTool)
def resubmit_request(self, ca='dogtag-ipa-ca-renew-agent',
profile=''):
timeout = api.env.startup_timeout + 60
- logger.debug("resubmitting certmonger request '%s'",
self.request_id)
+ self.log.debug("resubmitting certmonger request '%s'",
self.request_id)
- certmonger.resubmit_request(self.request_id, ca=ca, profile=profile)
+ certmonger.resubmit_request(self.request_id, ca=ca, profile=profile,
+ is_ca=True)
try:
state = certmonger.wait_for_request(self.request_id, timeout)
except RuntimeError:
```
(there was conflict in logging)
"""
To pull the PR as Git branch:
git remote add ghfreeipa
https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1217/head:pr1217
git checkout pr1217