[Freeipa-devel] [PATCH] 0006 Raise ACI error when CSR has no subject hostname
Lynn Root
lroot at redhat.com
Mon Dec 10 16:32:53 UTC 2012
On 12/10/2012 05:01 PM, Martin Kosek wrote:
> On 12/10/2012 03:53 PM, Lynn Root wrote:
>> Raise ACI error when CSR does not have a subject hostname.
>>
>> Ticket:https://fedorahosted.org/freeipa/ticket/3123
>>
> Why an ACIError? I know there are are a lot of ACIErrors thrown in cert-request
> command processing, but they are all related to authorization of the request.
> In this case, this is rather a missing required field of the CSR, so
> ValidationError may be a better choice.
>
> Martin
>
I elected ACIError simply because the immediately following ACIError
raises the issue that hostname of principal doesn't match the subject
hostname of the CSR - seemed a similar case of "doesn't match" with
"doesn't exists." But right - it's not related to Auth.
Would ValidationError be appropriate, or would RequirementError or
NotFound be more so?
--
Lynn Root
@roguelynn
Associate Software Engineer
Red Hat, Inc
More information about the Freeipa-devel
mailing list