Issue #56: ipa submission should not retry without 'profile' or 'cacn' argument - certmonger

certmonger

#56 ipa submission should not retry without 'profile' or 'cacn' argument

Opened Aug 23, 2016 by ftweedal. Modified Feb 21, 2017

Currently if certmonger sends 'profile' or 'cacn' argument to
ipa cert_request method, and it fails, it may interpret as an
unrecognised argument, strip the argument and retry.

It should not retry without the argument, because this could
result in cert being issued with unexpected profile or from
wrong CA (or failing again due to the new combination being
denied by CA ACLs).

Mailing list discussion: https://lists.fedorahosted.org/archives/list/certmonger-devel@lists.fedorahosted.org/thread/KWGVMVSZ4LTIVTYZL2NTMX3HF6ODUHRI/

Metadata Update from @ftweedal:
- Issue set to the milestone: 0.0 NEEDS_TRIAGE

Feb 21, 2017

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

Normal

type

defect

component

certmonger

Static archive. pagure.io was sunset in 2026; this is a read-only snapshot.

Fedora is sponsored by Red Hat. Learn more about the relationship between Red Hat and Fedora »

certmonger

#56 ipa submission should not retry without 'profile' or 'cacn' argument Opened Aug 23, 2016 by ftweedal. Modified Feb 21, 2017

Metadata

#56 ipa submission should not retry without 'profile' or 'cacn' argument

Opened Aug 23, 2016 by ftweedal. Modified Feb 21, 2017