IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix automatic CA cert renewal endless loop in dogtag-ipa-ca-renew-agent

Browse Source 
Reset profile name after requesting the CA cert from Dogtag to prevent the
automatic renewal request from being restarted in subsequent calls.

https://fedorahosted.org/freeipa/ticket/4765

Reviewed-By: David Kupka <dkupka@redhat.com>
This commit is contained in:
Jan Cholasta 2014-12-03 07:43:15 +00:00 committed by Petr Vobornik
parent 29ff2868cd
commit 423c3e8f34
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
install/certmonger/dogtag-ipa-ca-renew-agent-submit
View File

@ -408,8 +408,10 @@ def renew_ca_cert():
"IPA CA certificate is about to expire, "
"use ipa-cacert-manage to renew it")
elif state == 'request':
profile = os.environ['CERTMONGER_CA_PROFILE']
os.environ['CERTMONGER_CA_PROFILE'] = 'caCACert'
result = call_handler(request_and_store_cert)
os.environ['CERTMONGER_CA_PROFILE'] = profile
if result[0] == WAIT:
return (result[0], '%s:%s' % (state, result[1]))