[Freeipa-devel] [freeipa PR#584][opened] Improve the implementation of PKINIT certificate retrieval
martbab
freeipa-github-notification at redhat.com
Tue Mar 14 15:32:14 UTC 2017
URL: https://github.com/freeipa/freeipa/pull/584
Author: martbab
Title: #584: Improve the implementation of PKINIT certificate retrieval
Action: opened
PR body:
"""
The original PKINIT cert request code contained numerous defects, namely:
* nearly absent handling of rejected requests and CA errors which resulted
e.g. in an unusable WebUI after replica installation
and
* certificate request logic that was not consistent with the rest of the
installers (DS, HTTP for example): what caused hard errors in their case
went unnoticed in PKINIT setup
This PR consolidates this code so that errors arising from CA rejecting the
PKINIT cert request cause the installers to abort immediately. The PKINIT step
was also split into a separate method executed before LDAP updates. The name
was chosen to be `enable_ssl` in order to make the planned refactoring of
certificate requesting code (https://pagure.io/freeipa/issue/6429) easier: the
method name is not accurate but at least it is consistent with e.g. LDAP
installer co the common code can be grepper with greater ease.
https://pagure.io/freeipa/issue/6739
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/584/head:pr584
git checkout pr584
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pr-584.patch
Type: text/x-diff
Size: 13283 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20170314/e328b3ff/attachment.bin>
More information about the Freeipa-devel
mailing list