diff options
| author | Jan Cholasta <jcholast@redhat.com> | 2014-12-03 07:43:15 +0000 |
|---|---|---|
| committer | Petr Vobornik <pvoborni@redhat.com> | 2014-12-09 13:06:47 +0100 |
| commit | 9bfb16c22043d714b8227567600f94345c40cad6 (patch) | |
| tree | 50e722950b9960d81c6e16acc19038a42f1613e3 | |
| parent | b13f764b3c355576692e558299d17e8ea8819834 (diff) | |
| download | freeipa-9bfb16c22043d714b8227567600f94345c40cad6.tar.gz freeipa-9bfb16c22043d714b8227567600f94345c40cad6.tar.xz freeipa-9bfb16c22043d714b8227567600f94345c40cad6.zip | |
Fix automatic CA cert renewal endless loop in dogtag-ipa-ca-renew-agent
Reset profile name after requesting the CA cert from Dogtag to prevent the
automatic renewal request from being restarted in subsequent calls.
https://fedorahosted.org/freeipa/ticket/4765
Reviewed-By: David Kupka <dkupka@redhat.com>
| -rwxr-xr-x | install/certmonger/dogtag-ipa-ca-renew-agent-submit | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/install/certmonger/dogtag-ipa-ca-renew-agent-submit b/install/certmonger/dogtag-ipa-ca-renew-agent-submit index 0a2cff148..e0dd33fda 100755 --- a/install/certmonger/dogtag-ipa-ca-renew-agent-submit +++ b/install/certmonger/dogtag-ipa-ca-renew-agent-submit @@ -408,8 +408,10 @@ def renew_ca_cert(): "IPA CA certificate is about to expire, " "use ipa-cacert-manage to renew it") elif state == 'request': + profile = os.environ['CERTMONGER_CA_PROFILE'] os.environ['CERTMONGER_CA_PROFILE'] = 'caCACert' result = call_handler(request_and_store_cert) + os.environ['CERTMONGER_CA_PROFILE'] = profile if result[0] == WAIT: return (result[0], '%s:%s' % (state, result[1])) |