[Freeipa-devel] [PATCH] 290 set cert_t context on some files for selfsign plugin
Rob Crittenden
rcritten at redhat.com
Thu Oct 8 21:22:41 UTC 2009
John Dennis wrote:
> On 10/08/2009 05:11 PM, Rob Crittenden wrote:
>> I missed this file when I did the last CA patch :-(
>>
>> This sets the cert_t context on some files needed for the selfsign
>> plugin to work. It needs to let httpd write the serial number file and
>> open the NSS database.
>
> Thanks Rob. BTW, I was going to add a try/except block around that code
> in selfsign and return a non-zero status if it fails. Do we have
> predefined status codes I should be using?
>
I'm assuming you mean around the certs.next_serial() call?
Not really sure. This is really a "server blew up" sort of error, I'm
not sure what the best thing to return to the client is in this case. I
think something that says "the server is hosed, you can't fix it from
there" sort of error would be nice. AFAIK we don't currently define such
a beastie.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20091008/9362db65/attachment.bin>
More information about the Freeipa-devel
mailing list