From 90fde5a437f23cac0534f66bc3564c9c676010ab Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Wed, 3 Dec 2014 07:43:15 +0000
Subject: [PATCH] Fix automatic CA cert renewal endless loop in
 dogtag-ipa-ca-renew-agent

Reset profile name after requesting the CA cert from Dogtag to prevent the
automatic renewal request from being restarted in subsequent calls.

https://fedorahosted.org/freeipa/ticket/4765

Reviewed-By: David Kupka <dkupka@redhat.com>
---
 install/certmonger/dogtag-ipa-ca-renew-agent-submit | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/install/certmonger/dogtag-ipa-ca-renew-agent-submit b/install/certmonger/dogtag-ipa-ca-renew-agent-submit
index 0a2cff148810e4800c02121afc68911c221d34d7..e0dd33fda6036ed2fb003a89c35eacb1784a5e25 100755
--- a/install/certmonger/dogtag-ipa-ca-renew-agent-submit
+++ b/install/certmonger/dogtag-ipa-ca-renew-agent-submit
@@ -408,8 +408,10 @@ def renew_ca_cert():
                           "IPA CA certificate is about to expire, "
                           "use ipa-cacert-manage to renew it")
     elif state == 'request':
+        profile = os.environ['CERTMONGER_CA_PROFILE']
         os.environ['CERTMONGER_CA_PROFILE'] = 'caCACert'
         result = call_handler(request_and_store_cert)
+        os.environ['CERTMONGER_CA_PROFILE'] = profile
 
     if result[0] == WAIT:
         return (result[0], '%s:%s' % (state, result[1]))
-- 
2.1.0