#56 ipa submission should not retry without 'profile' or 'cacn' argument
Opened 3 years ago by ftweedal. Modified 3 years ago

Currently if certmonger sends 'profile' or 'cacn' argument to
ipa cert_request method, and it fails, it may interpret as an
unrecognised argument, strip the argument and retry.

It should not retry without the argument, because this could
result in cert being issued with unexpected profile or from
wrong CA (or failing again due to the new combination being
denied by CA ACLs).

Mailing list discussion: https://lists.fedorahosted.org/archives/list/certmonger-devel@lists.fedorahosted.org/thread/KWGVMVSZ4LTIVTYZL2NTMX3HF6ODUHRI/

Metadata Update from @ftweedal:
- Issue set to the milestone: 0.0 NEEDS_TRIAGE

3 years ago

Login to comment on this ticket.