diff options
| author | Jan Cholasta <jcholast@redhat.com> | 2014-12-03 07:43:15 +0000 |
|---|---|---|
| committer | Petr Vobornik <pvoborni@redhat.com> | 2014-12-09 13:06:47 +0100 |
| commit | 423c3e8f34d6ae6655c3b82c4e5a18caf1e63a49 (patch) | |
| tree | dee6c4cef7988b7a10511c6045a575af98174ab4 /install/certmonger | |
| parent | 29ff2868cde9f80eda62d50c0d5fc2c22541faf1 (diff) | |
| download | freeipa-423c3e8f34d6ae6655c3b82c4e5a18caf1e63a49.tar.gz freeipa-423c3e8f34d6ae6655c3b82c4e5a18caf1e63a49.tar.xz freeipa-423c3e8f34d6ae6655c3b82c4e5a18caf1e63a49.zip | |
Fix automatic CA cert renewal endless loop in dogtag-ipa-ca-renew-agent
Reset profile name after requesting the CA cert from Dogtag to prevent the
automatic renewal request from being restarted in subsequent calls.
https://fedorahosted.org/freeipa/ticket/4765
Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'install/certmonger')
| -rwxr-xr-x | install/certmonger/dogtag-ipa-ca-renew-agent-submit | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/install/certmonger/dogtag-ipa-ca-renew-agent-submit b/install/certmonger/dogtag-ipa-ca-renew-agent-submit index 0a2cff148..e0dd33fda 100755 --- a/install/certmonger/dogtag-ipa-ca-renew-agent-submit +++ b/install/certmonger/dogtag-ipa-ca-renew-agent-submit @@ -408,8 +408,10 @@ def renew_ca_cert(): "IPA CA certificate is about to expire, " "use ipa-cacert-manage to renew it") elif state == 'request': + profile = os.environ['CERTMONGER_CA_PROFILE'] os.environ['CERTMONGER_CA_PROFILE'] = 'caCACert' result = call_handler(request_and_store_cert) + os.environ['CERTMONGER_CA_PROFILE'] = profile if result[0] == WAIT: return (result[0], '%s:%s' % (state, result[1])) |