git.samba.org - samba.git/commit

author	Gabriel Nagy <gabriel.nagy@canonical.com>
	Wed, 16 Aug 2023 09:20:11 +0000 (12:20 +0300)
committer	Jule Anger <janger@samba.org>
	Mon, 15 Jan 2024 10:05:17 +0000 (10:05 +0000)
commit	6dba94a3ab0e1e5bebeaaac0a9f9498146414a75
tree	8daf21a1ed3d53dc71ef3ff3bb7880d620278301	tree
parent	9db01a2c7291493a3f20987e53b1e688123a246a	commit \| diff

gp: Convert CA certificates to base64

I don't know whether this applies universally, but in our case the
contents of `es['cACertificate'][0]` are binary, so cleanly converting
to a string fails with the following:

'utf-8' codec can't decode byte 0x82 in position 1: invalid start byte

We found a fix to be encoding the certificate to base64 when
constructing the CA list.

Section 4.4.5.2 of MS-CAESO also suggests that the content of
`cACertificate` is binary (OCTET string).

Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@samba.org>
(cherry picked from commit 157335ee93eb866f9b6a47486a5668d6e76aced5)

python/samba/gp/gp_cert_auto_enroll_ext.py		diff \| blob \| history
selftest/knownfail.d/gpo	[deleted file]	blob \| history