Do not decode HTTP reason phrase from Dogtag

The HTTP reason phrase sent by Dogtag is assumed to be encoded in
UTF-8, but the encoding used by Tomcat is dependent on system
locale, causing decode errors in some locales.

The reason phrase is optional and will not be sent in a future
version of Tomcat[1], so do not bother decoding and returning it.

[1] https://github.com/apache/tomcat/commit/707ab1c77f3bc189e1c3f29b641506db4c8bce37

Fixes: https://fedorahosted.org/freeipa/ticket/5578
Reviewed-By: Jan Cholasta <jcholast@redhat.com>

1 files changed, 3 insertions, 4 deletions

diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 1591362b4..f74b76090 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -403,12 +403,11 @@ class CertDB(object):
         result = dogtag.https_request(
             self.host_name, 8443, "/ca/ee/ca/profileSubmitSSLClient",
             self.secdir, password, "ipaCert", **params)
-        http_status, http_reason_phrase, http_headers, http_body = result
+        http_status, http_headers, http_body = result
 
         if http_status != 200:
             raise CertificateOperationError(
-                error=_('Unable to communicate with CMS (%s)') %
-                    http_reason_phrase)
+                error=_('Unable to communicate with CMS (status %d)') % http_status)
 
         # The result is an XML blob. Pull the certificate out of that
         doc = xml.dom.minidom.parseString(http_body)
@@ -457,7 +456,7 @@ class CertDB(object):
         result = dogtag.https_request(
             self.host_name, 8443, "/ca/ee/ca/profileSubmitSSLClient",
             self.secdir, password, "ipaCert", **params)
-        http_status, http_reason_phrase, http_headers, http_body = result
+        http_status, http_headers, http_body = result
         if http_status != 200:
             raise RuntimeError("Unable to submit cert request")