authorRob Crittenden <rcritten@redhat.com>2010-02-26 12:30:01 -0500
committerRob Crittenden <rcritten@redhat.com>2010-02-26 12:30:01 -0500
commit0700f4d7cae9b0b25214b117715dd91a6ccb1132 (patch)
treeeb7071408ef3f481a090f66d380ddb49938e8a9e /ipalib/plugins/service.py
parentfc1313445512762acaf44b45eca9c4f98c2b824e (diff)
Don't try to revoke a cert that is already revoked.
We get a bit of an unusual error message back from dogtag when trying to revoke a revoked cert so check its status first.
Diffstat (limited to 'ipalib/plugins/service.py')
-rw-r--r--ipalib/plugins/service.py10
1 files changed, 8 insertions, 2 deletions
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index d72a42dc3..b8312ba55 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -199,9 +199,15 @@ class service_del(LDAPDelete):
if cert:
serial = unicode(get_serial(cert))
try:
- self.api.Command['cert_revoke'](serial, revocation_reason=5)
+ result = api.Command['cert_get'](unicode(serial))['result']
+ if 'revocation_reason' not in result:
+ try:
+ api.Command['cert_revoke'](unicode(serial), revocation_reason=4)
+ except errors.NotImplementedError:
+ # some CA's might not implement revoke
+ pass
except errors.NotImplementedError:
- # selfsign CA doesn't do revocation
+ # some CA's might not implement revoke
pass
return dn
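Review bot: The revocation reason passed to `cert_revoke` changes from 5 to 4 in this hunk, which the commit message does not mention; in the RFC 5280 CRLReason numbering 4 is superseded and 5 is cessationOfOperation, and the latter looks like the better fit for a certificate revoked because its service is being deleted. If the change is intended, a comment such as `# 4 = superseded (RFC 5280 CRLReason)` would record why; otherwise keep `revocation_reason=5`. The inner `try`/`except errors.NotImplementedError` duplicates the outer handler and can be dropped, and the new calls use `api.Command` where the removed line used `self.api.Command`, so it is worth confirming that the module-level `api` is the intended object. The enclosing method of `service_del` starts outside the hunk.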