[Pki-devel] [PATCH] PKI Deployment Framework PKI TRAC issues (08/14/2012)
Matthew Harmsen
mharmsen at redhat.com
Wed Aug 15 01:21:17 UTC 2012
This patch documents continued implementation of the PKI Deployment
Framework based upon the revised filesystem layout documented here:
* http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment#CA_.2F_KRA_.2F_OCSP_.2F_RA_.2F_TKS_.2F_TPS
This patch addresses the following issues:
* TRAC Ticket #266 - for non-master CA subsystems, pkidestroy needs to
contact the security domain to update the domain
* Made Fedora 17 rely upon tomcatjss 7.0.0 or later
It has been tested and proven to work successfully to
spawn/destroy/spawn a KRA as a separate instance on a 64-bit Fedora 17
machine (using the appropriate 'tomcatjss.jar').
P. S. - While fixing the parameters passed via "outputError()" in
'base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java',
I noticed that several of the other servlets in this directory also
utilized the "AUTH_FAILURE" error value for the second argument of
"outputError()" which gets passed as the string "2" --- while this
string is technically acceptable, I believe that this may be old usage
of some legacy parent method since "outputError()" is currently defined
in "base/common/src/com/netscape/cms/servlet/base/CMSServlet.java" as:
* protected void outputError(HttpServletResponse httpResp, String
errorString)
* protected void outputError(HttpServletResponse httpResp, String
errorString, String requestId)
* protected void outputError(HttpServletResponse httpResp, String
status, String errorString, String requestId)
so for all of my changes to "outputError()" in "UpdateDomainXML.java", I
merely changed these incorrect three parameter call versions to the two
parameter call version by removing the second parameter
("AUTH_FAILURE"). If I am correct about this seemingly legacy usage,
please let me know if I need to file a TRAC ticket for this issue.
Thanks,
-- Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20120814/248a0a94/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20120814-PKI-Deployment-Scriptlets-Security-Domain.patch
Type: text/x-patch
Size: 18778 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20120814/248a0a94/attachment.bin>
More information about the Pki-devel
mailing list