git.samba.org - samba.git/commit

author	Gabriel Nagy <gabriel.nagy@canonical.com>
	Wed, 16 Aug 2023 09:20:11 +0000 (12:20 +0300)
committer	Andrew Bartlett <abartlet@samba.org>
	Mon, 28 Aug 2023 02:04:36 +0000 (02:04 +0000)
commit	157335ee93eb866f9b6a47486a5668d6e76aced5
tree	1750f012440dfa7c593a08b802ff49a3220919f5	tree
parent	1ef722cf66f9ec99f52939f1cfca031c5fe1ad70	commit \| diff

gp: Convert CA certificates to base64

I don't know whether this applies universally, but in our case the
contents of `es['cACertificate'][0]` are binary, so cleanly converting
to a string fails with the following:

'utf-8' codec can't decode byte 0x82 in position 1: invalid start byte

We found a fix to be encoding the certificate to base64 when
constructing the CA list.

Section 4.4.5.2 of MS-CAESO also suggests that the content of
`cACertificate` is binary (OCTET string).

Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@samba.org>

python/samba/gp/gp_cert_auto_enroll_ext.py		diff \| blob \| history
selftest/knownfail.d/gpo	[deleted file]	blob \| history