On Fri, 2011-02-04 at 09:05 +0100, Jan Zelený wrote: > Martin Kosek <mko...@redhat.com> wrote: > > When v2 IPA client is trying to join an IPA v1 server > > a strange exception is printed out to the user. This patch > > detects this by catching an XML-RPC error reported by ipa-join > > binary called in the process which fails on unexisting IPA server > > 'join' method. > > > > wget call had to be changed so that IPA client may get to the > > ipa-join step. --no-check-certificate had to be added as V1 > > server automatically redirects the request to self-signed secure > > connection. > > > > https://fedorahosted.org/freeipa/ticket/553 > > The patch is ok and applies correctly. My only thought was to download the > certificate directly from https://..../ca.crt instead of plain http, but > there > is probably no real benefit. > > ack > > Jan
Jan, thanks for the review. And yes, I could not see a benefit too. Since the IPA sever certificate is not a confidential information the secure connection is not needed. And since we do not trust the server's certificate in this step of installation and --no-check-certificate is used, a secure connection would be used for server identity validation either. Therefore, I would ask for the patch to be pushed. Martin _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
