[Pki-devel] [PATCH] 529 Updated KRA Python client library.

Endi Sukma Dewata edewata at redhat.com
Thu Oct 9 21:29:33 UTC 2014


On 10/9/2014 10:40 AM, Ade Lee wrote:
> Looks good. ACK.
>
> Just one issue below:
>
> 1. In crypto.py, in lines 117-120, is it possible for an exception to be
> thrown, leaving the password file lying around?  That is one of the
> advantages of the with ... construction.  Maybe move lines 116-120 into
> the try: block.

The chance for that to happen is probably small because after the 
password is written to the file the code only does a variable 
assignment, then enters the try-block. I've moved the code into the 
try-block regardless. The main reason for the change is that mkstemp() is 
supposed to be more secure.

On 10/9/2014 1:58 PM, Abhishek Koneru wrote:
> In the drmtest readme file, in the last section it should be -
>
> pki ~/.dogtag/pki-tomcat/ca/alias -c <password> client-cert-show "PKI
> Administrator for example.com" --client-cert kraagent.pem

Actually the "caadmin" would match the nickname I used in the ca.cfg 
example on the Quick Start page, so the command is correct (except for 
the missing -d) and would be more appropriate for quick testing by root. 
The "PKI Administrator for example.com" is the standard nickname 
generated by the interactive mode and it's kind of long.

Thanks for the review. It's pushed to master with the above fixes.

-- 
Endi S. Dewata
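
The pattern discussed in this thread, as an added example that is not the code from the patch or from crypto.py: the password file is created with mkstemp() and everything after creation sits inside the try block, so a failure while writing or using the file still removes it. The names `with_password_file` and `use_file`, and the sample password, are assumptions made for illustration.

```python
import os
import stat
import tempfile


def with_password_file(password, use_file, workdir=None):
    """Write password to a private temp file, call use_file(path), always delete it.

    use_file is a hypothetical stand-in for whatever consumes the file,
    for example a command-line tool that takes a password-file option.
    """
    path = None
    try:
        # mkstemp() creates the file exclusively (O_CREAT | O_EXCL) with mode
        # 0600 and an unpredictable name, and returns an already-open fd.
        fd, path = tempfile.mkstemp(prefix="pwd-", dir=workdir)
        # Writing and using the file both happen inside the try block, so an
        # exception at either step still reaches the cleanup in finally.
        with os.fdopen(fd, "w") as f:
            f.write(password)
        return use_file(path)
    finally:
        if path is not None and os.path.exists(path):
            os.remove(path)


def demo():
    """Constructed demo: the consumer raises, and the file is still removed."""
    workdir = tempfile.mkdtemp()
    seen = {}

    def failing_consumer(path):
        seen["mode"] = stat.S_IMODE(os.stat(path).st_mode)
        with open(path) as f:
            seen["content"] = f.read()
        raise RuntimeError("simulated failure while using the password file")

    try:
        with_password_file("Secret.123", failing_consumer, workdir)  # constructed password
    except RuntimeError:
        seen["raised"] = True
    seen["leftover"] = os.listdir(workdir)  # expected to be empty
    os.rmdir(workdir)
    return seen


if __name__ == "__main__":
    print(demo())
```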



