summaryrefslogtreecommitdiffstats
path: root/makeaci
diff options
context:
space:
mode:
authorMartin Babinsky <mbabinsk@redhat.com>2017-03-14 09:56:07 +0100
committerMartin Basti <mbasti@redhat.com>2017-03-15 16:39:39 +0100
commit95768de06fbef78169329af12b29e4d65e4bf157 (patch)
tree968fe608ec9d9e80b8c1dd92f041a891e2f4da3d /makeaci
parent46d4d534c08d14756b989e157e87a078d174ad5c (diff)
downloadfreeipa-95768de06fbef78169329af12b29e4d65e4bf157.tar.gz
freeipa-95768de06fbef78169329af12b29e4d65e4bf157.tar.xz
freeipa-95768de06fbef78169329af12b29e4d65e4bf157.zip
Make PKINIT certificate request logic consistent with other installers
The certmonger request handling code during pkinit setup actually never correctly handled situations when certificate request was rejected by the CA or CA was unreachable. This led to subtle errors caused by broken anonymous pkinit (e.g. failing WebUI logins) which are hard to debug. The code should behave as other service installers, e. g. use `request_and_wait_for_cert` method which raises hard error when request times out or is not granted by CA. On master contact Dogtag CA endpoint directly as is done in DS installation. https://pagure.io/freeipa/issue/6739 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'makeaci')
0 files changed, 0 insertions, 0 deletions