From c7d19fca09f7398af63ceffb915afc9b5d507e1e Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <flo@redhat.com>
Date: Fri, 24 Mar 2017 11:02:33 +0100
Subject: [PATCH] dogtag-ipa-ca-renew-agent-submit: fix the is_replicated()
function

dogtag-ipa-ca-renew-agent-submit behaves differently depending on the
certificate it needs to renew. For instance, some certificates (such as IPA RA)
are the same on all the hosts and the renewal is actually done only on
the renewal master. On other nodes, the new cert is downloaded from LDAP.

The function is_replicated() is returning the opposite of what it should. If
the cert nickname is IPA RA, it should return that the cert is replicated but
it doesn't, and this leads to a wrong code path to renew the cert.

https://pagure.io/freeipa/issue/6813

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
---
install/certmonger/dogtag-ipa-ca-renew-agent-submit | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/install/certmonger/dogtag-ipa-ca-renew-agent-submit b/install/certmonger/dogtag-ipa-ca-renew-agent-submit
index cc690b8fa26854a5ab683915a5ba6a8d3c0d4ae4..5782db703c49d7c2e92c806e24e9925e8e7d710a 100755
--- a/install/certmonger/dogtag-ipa-ca-renew-agent-submit
+++ b/install/certmonger/dogtag-ipa-ca-renew-agent-submit
@@ -119,7 +119,7 @@ def is_renewable():
def is_replicated():
- return not get_nickname()
+ return bool(get_nickname())
def is_renewal_master():
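Review bot: is_replicated() still has no docstring or comment at the changed `return` line saying that a truthy nickname means the certificate is shared across hosts and fetched from LDAP on non-master nodes, which is the contract the inverted `not` violated without anyone noticing. Please document that on the function, and state what get_nickname() returns for a certificate that is not replicated (None or an empty string), since `bool(get_nickname())` is only correct if that value is falsy and the hunk does not show it. A regression test that checks is_replicated() for the IPA RA nickname named in the commit message, and for a request with no nickname, would keep the renewal path from flipping again.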
--
2.12.1