[Pki-devel] [PATCH] 0123 Do not attempt cert update unless signing key is present
Endi Sukma Dewata
edewata at redhat.com
Wed Jun 15 00:40:12 UTC 2016
On 6/13/2016 9:38 PM, Fraser Tweedale wrote:
> Hi all,
>
> The attached patch fixes https://fedorahosted.org/pki/ticket/2359.
> Please review for inclusion in 10.3.3.
>
> Thanks,
> Fraser
It looks like the initSignUnit() is only called with retrieveKeys=true
in init(). So the code that starts the key retriever thread probably can
be moved out, becoming something like this:

    initDefCaAttrs();

    try {
        initSignUnit();
        checkForNewerCert();

    } catch (CAMissingCertException | CAMissingKeyException e) {
        // start key retriever thread

    } catch (EBaseException e) {
        ...
    }

I think it would clarify a little bit how the missing cert/key is handled.

So if I understand correctly if the cert/key is missing the LWCA object
will still be created and registered, but it will be disabled
(hasKeys=false)?

When the key retriever thread is complete, will it automatically
reinitialize and enable the LWCA object?

Regardless, feel free to push the patch as is.
--
Endi S. Dewata