[Freeipa-devel] [PATCH] 290 set cert_t context on some files for selfsign plugin
Jenny Galipeau
jgalipea at redhat.com
Fri Oct 9 13:30:27 UTC 2009
John Dennis wrote:
> On 10/08/2009 05:22 PM, Rob Crittenden wrote:
>> John Dennis wrote:
>>> Thanks Rob. BTW, I was going to add a try/except block around that
>>> code in selfsign and return a non-zero status if it fails. Do we have
>>> predefined status codes I should be using?
>>>
>>
>> I'm assuming you mean around the certs.next_serial() call?
>
> yes
>
>> Not really sure. This is really a "server blew up" sort of error, I'm
>> not sure what the best thing to return to the client is in this case. I
>> think something that says "the server is hosed, you can't fix it from
>> there" sort of error would be nice. AFAIK we don't currently define such
>> a beastie.
>
> Well, looking at errors.py it looks like it should be an
> ExecutionError in the 4000-4999 range. How about adding
> UnableToCompleteCertificateOperation as a generic error for any
> certificate operation we can't run to completion,
It would also be nice to reference the log, as in "Please see mylog.log
for details."
> then do a log.error message with the specific failure. The errno
> associated with UnableToCompleteCertificateOperation can be returned
> whenever we hit some unexpected error related to certificate
> operations, it will be generic enough to cover a range of cases
> without exposing the reason for the fault and the server log file will
> contain the detail. How does that sound?
--
Jenny Galipeau <jgalipea at redhat.com>
Principal Software QA Engineer
Red Hat, Inc. Security Engineering
More information about the Freeipa-devel
mailing list