From a0bd1a7f9f86cab1f25054ccc14bc1b04df32261 Mon Sep 17 00:00:00 2001 From: Waqar Ahmed Date: Thu, 19 Dec 2024 01:47:08 +0500 Subject: [PATCH] Do not allow changing anything for tnc cert --- .../middlewared/plugins/crypto_/certificates.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/middlewared/middlewared/plugins/crypto_/certificates.py b/src/middlewared/middlewared/plugins/crypto_/certificates.py index 3ce32dfed2dca..a6810803b7509 100644 --- a/src/middlewared/middlewared/plugins/crypto_/certificates.py +++ b/src/middlewared/middlewared/plugins/crypto_/certificates.py @@ -601,6 +601,13 @@ async def do_update(self, job, id_, data): if any(new.get(k) != old.get(k) for k in ('name', 'revoked', 'renew_days', 'add_to_trusted_store')): verrors = ValidationErrors() + tnc_config = await self.middleware.call('tn_connect.config') + if tnc_config['certificate'] == id_: + verrors.add( + 'certificate_update.name', + 'This certificate is being used by TrueNAS Connect service and cannot be modified' + ) + verrors.check() if new['name'] != old['name']: await validate_cert_name(