Adding support to import nested certificates through PFX certificate

- The following case was also identified in case of PFX certificate - Minor changes to allow import of ca_certs if they are present - Supporting changes have been sent in PR: https://github.com/chef/win32-certstore/pull/53 Signed-off-by: Nimesh-Msys <nimesh.patni@msystechnologies.com>
author: Nimesh-Msys <nimesh.patni@msystechnologies.com> 2019-02-27 15:43:50 +0530
committer: Nimesh-Msys <nimesh.patni@msystechnologies.com> 2019-02-27 15:43:50 +0530
commit: 02feea25f48446f6324cc13dc07de35de5670d54 (patch)
tree: 0038c02037fa3bbe7aea138639569ad61dd00ceb
parent: 8147abf3dec36be7f79659a75223236f0a444aad (diff)
download: chef-02feea25f48446f6324cc13dc07de35de5670d54.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/chef/resource/windows_certificate.rb b/lib/chef/resource/windows_certificate.rb
index d4ac9a29d6..e7261adfba 100644
--- a/lib/chef/resource/windows_certificate.rb
+++ b/lib/chef/resource/windows_certificate.rb
@@ -281,7 +281,12 @@ class Chef
 
           case ext
           when ".pfx"
-            OpenSSL::PKCS12.new(contents, new_resource.pfx_password).certificate
+            pfx = OpenSSL::PKCS12.new(contents, new_resource.pfx_password)
+            if pfx.ca_certs.nil?
+              pfx.certificate
+            else
+              [pfx.certificate] + pfx.ca_certs
+            end
           when ".p7b"
             OpenSSL::PKCS7.new(contents).certificates
           else
author	Nimesh-Msys <nimesh.patni@msystechnologies.com>	2019-02-27 15:43:50 +0530
committer	Nimesh-Msys <nimesh.patni@msystechnologies.com>	2019-02-27 15:43:50 +0530
commit	02feea25f48446f6324cc13dc07de35de5670d54 (patch)
tree	0038c02037fa3bbe7aea138639569ad61dd00ceb
parent	8147abf3dec36be7f79659a75223236f0a444aad (diff)
download	chef-02feea25f48446f6324cc13dc07de35de5670d54.tar.gz