summaryrefslogtreecommitdiffstats
path: root/ipa-client/ipaclient
diff options
context:
space:
mode:
authorJan Cholasta <jcholast@redhat.com>2014-10-14 11:12:55 +0200
committerPetr Viktorin <pviktori@redhat.com>2014-10-30 10:51:36 +0100
commit35947c6e103a18c3f81af4b6d3795218a93b3b57 (patch)
tree305bc1e38e0095d099dd5863f992c3f26b63e65e /ipa-client/ipaclient
parenta649a84a1bd7eb3c727fdcfc341b326a19b0ee5a (diff)
downloadfreeipa-35947c6e103a18c3f81af4b6d3795218a93b3b57.tar.gz
freeipa-35947c6e103a18c3f81af4b6d3795218a93b3b57.tar.xz
freeipa-35947c6e103a18c3f81af4b6d3795218a93b3b57.zip
Do not wait for new CA certificate to appear in LDAP in ipa-certupdate
If new certificate is not available, reuse the old one, instead of waiting indefinitely for the new certificate to appear. https://fedorahosted.org/freeipa/ticket/4628 Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'ipa-client/ipaclient')
-rw-r--r--ipa-client/ipaclient/ipa_certupdate.py6
1 files changed, 4 insertions, 2 deletions
diff --git a/ipa-client/ipaclient/ipa_certupdate.py b/ipa-client/ipaclient/ipa_certupdate.py
index 7ef11d058..031a34c3a 100644
--- a/ipa-client/ipaclient/ipa_certupdate.py
+++ b/ipa-client/ipaclient/ipa_certupdate.py
@@ -143,14 +143,16 @@ class CertUpdate(admintool.AdminTool):
timeout = api.env.startup_timeout + 60
self.log.debug("resubmitting certmonger request '%s'", request_id)
- certmonger.resubmit_request(request_id, profile='ipaRetrieval')
+ certmonger.resubmit_request(
+ request_id, profile='ipaRetrievalOrReuse')
try:
state = certmonger.wait_for_request(request_id, timeout)
except RuntimeError:
raise admintool.ScriptError(
"Resubmitting certmonger request '%s' timed out, "
"please check the request manually" % request_id)
- if state != 'MONITORING':
+ ca_error = certmonger.get_request_value(request_id, 'ca-error')
+ if state != 'MONITORING' or ca_error:
raise admintool.ScriptError(
"Error resubmitting certmonger request '%s', "
"please check the request manually" % request_id)