mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
e934da09d5
dogtag-ipa-ca-renew-agent-submit behaves differently depending on the certificate it needs to renew. For instance, some certificates (such as IPA RA) are the same on all the hosts and the renewal is actually done only on the renewal master. On other nodes, the new cert is downloaded from LDAP. The function is_replicated() is returning the opposite as what it should. If the cert nickname is IPA RA, it should return that the cert is replicated but it doesn't, and this leads to a wrong code path to renew the cert. https://pagure.io/freeipa/issue/6813 Reviewed-By: Jan Cholasta <jcholast@redhat.com>