freeipa

Clone
Source Code
GIT

95768de Make PKINIT certificate request logic consistent with other installers

1 file Authored by mbabinsk 7 years ago, Committed by mbasti 7 years ago,
raw patch tree parent
1 file changed. 8 lines added. 8 lines removed.
ipaserver/install/krbinstance.py
file modified
+8 -8 
    Make PKINIT certificate request logic consistent with other installers
    
    The certmonger request handling code during pkinit setup actually never
    correctly handled situations when certificate request was rejected by
    the CA or CA was unreachable. This led to subtle errors caused by broken
    anonymous pkinit (e.g. failing WebUI logins) which are hard to debug.
    
    The code should behave as other service installers, e. g. use
    `request_and_wait_for_cert` method which raises hard error when request
    times out or is not granted by CA. On master contact Dogtag CA endpoint
    directly as is done in DS installation.
    
    https://pagure.io/freeipa/issue/6739
    
    Reviewed-By: Martin Basti <mbasti@redhat.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
file modified
+8 -8
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.