diff options
author | Jan Cholasta <jcholast@redhat.com> | 2014-10-14 10:30:07 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-10-29 15:06:05 +0100 |
commit | a649a84a1bd7eb3c727fdcfc341b326a19b0ee5a (patch) | |
tree | 0331af566cb14e0bbbb8281ce9e7726d86561406 /ipa-client | |
parent | ac500003fda7142c4c0bb27cd5d1e5aea105f777 (diff) | |
download | freeipa-a649a84a1bd7eb3c727fdcfc341b326a19b0ee5a.tar.gz freeipa-a649a84a1bd7eb3c727fdcfc341b326a19b0ee5a.tar.xz freeipa-a649a84a1bd7eb3c727fdcfc341b326a19b0ee5a.zip |
Handle profile changes in dogtag-ipa-ca-renew-agent
To update the CA certificate in the Dogtag NSS database, the
"ipa-cacert-manage renew" and "ipa-certupdate" commands temporarily change
the profile of the CA certificate certmonger request, resubmit it and
change the profile back to the original one.
When something goes wrong while resubmitting the request, it needs to be
modified and resubmitted again manually. This might fail with invalid
cookie error, because changing the profile does not change the internal
state of the request.
Detect this in dogtag-ipa-ca-renew-agent and reset the internal state when
profile is changed.
https://fedorahosted.org/freeipa/ticket/4627
Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'ipa-client')
0 files changed, 0 insertions, 0 deletions