summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2013-04-23 17:05:59 -0400
committerRob Crittenden <rcritten@redhat.com>2013-05-03 16:05:49 -0400
commit6e2c3a45a1da4b2b39037bf7ed3a0d3fcd42b008 (patch)
tree4ad669897aba32991b93dbdd0a3e277f09d7f88f
parent252de46ebfde14db30879e94f185096fdaa1faa3 (diff)
downloadfreeipa-6e2c3a45a1da4b2b39037bf7ed3a0d3fcd42b008.tar.gz
freeipa-6e2c3a45a1da4b2b39037bf7ed3a0d3fcd42b008.tar.xz
freeipa-6e2c3a45a1da4b2b39037bf7ed3a0d3fcd42b008.zip
Handle a 501 in cert-find from dogtag as a "not supported"
Upgrading from d9 -> d10 does not set up the RESTful interface in dogtag, they just never coded it. Rather than trying to backport things they have decided to not support upgrades. We need to catch this and report a more reasonable error. They are returning a 501 (HTTP method unimplemented) in this case. https://fedorahosted.org/freeipa/ticket/3549
Diffstat
-rw-r--r--freeipa.spec.in5
-rw-r--r--ipaserver/plugins/dogtag.py4
2 files changed, 8 insertions, 1 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 36e2a615c..924faab32 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -136,7 +136,7 @@ Requires(post): systemd-units
Requires: selinux-policy >= 3.11.1-86
Requires(post): selinux-policy-base
Requires: slapi-nis >= 0.44
-Requires: pki-ca >= 10.0.0-0.54.b3
+Requires: pki-ca >= 10.0.2
Requires: dogtag-pki-server-theme
%if 0%{?rhel}
Requires: subscription-manager
@@ -839,6 +839,9 @@ fi
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
%changelog
+* Fri May 3 2013 Rob Crittenden <rcritten@redhat.com> - 3.1.99-10
+- Require pki-ca 10.0.2 for 501 response code on find for d9 -> d10 upgrades
+
* Tue Apr 30 2013 Rob Crittenden <rcritten@redhat.com> - 3.1.99-9
- Add Conflicts on nss-pam-ldapd < 0.8.4. The mapping from uniqueMember to
member is now done automatically and having it in the config file raises
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
index 054a29b40..e5a8d3b17 100644
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@@ -1828,6 +1828,10 @@ class ra(rabase.rabase):
try:
response = opener.open(req)
except urllib2.HTTPError, e:
+ self.debug('HTTP Response code: %d' % e.getcode())
+ if e.getcode() == 501:
+ self.raise_certificate_operation_error('find',
+ detail=_('find not supported on CAs upgraded from 9 to 10'))
self.raise_certificate_operation_error('find',
detail=e.msg)
except urllib2.URLError, e:
generated by cgit (git 2.34.1) at 2024-06-20 11:11:07 +0000