Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
IPAOpenSSLChainValidation: ignore default trust store
The check IPAOpenSSLChainValidation is ensuring that the whole certification chain is present in IPA for httpd and RA certificates. It internally calls openssl verify -CAfile /etc/ipa/ca.crt. With the latest version of ca-certificates package, openssl verify also uses the default trust store. Since the test wants to check the chain presence in /etc/ipa/ca.crt, add the -no-CAfile -no-CApath and -no-CAstore options to ensure that only /etc/ipa/ca.crt is used as trusted source. Fixes: #340 Signed-off-by: Florence Blanc-Renaud <[email protected]>
- Loading branch information