On Thu, Jul 07, 2016 at 03:46:52PM +0200, Milan Kubík wrote: > On 07/04/2016 08:57 AM, Fraser Tweedale wrote: > > Hi Milan, > > > > Yes, we can :) Two issues, outlined below. > > > > > > 1) > > Running the tests, I get error in > > test_create_subca_with_subject_conflict cleanup:: > > > > ____________ ERROR at teardown of > > TestCAbasicCRUD.test_create_subca_with_subject_conflict _____________ > > > > def cleanup(): > > created = self.exists > > try: > > del_command() > > > > <snip> > > E NotFound: crud-subca-2: Certificate Authority not found > > > > > > I do not know testing framework very well but it looks like > > track_create() sets 'self.exists = True' before the create command > > throws the (expected) DuplicateEntry error. (These are called from > > create() in the tracker 'base' class). Later, cleanup() catches a > > NotFound but re-throws it because it believes the entry should have > > existed. > > > > > > 2) > > the usercert.conf.tmpl does not like a subject base with spaces in > > it, i.e. if 'openssl req' config template gets formatted like: > > > > [ dn ] > > commonName = "alice" > > o=IPA.LOCAL 201606201330 > > > > then 'openssl req' fails with nasty error like: > > > > 140644791924600:error:0D06407A:asn1 encoding > > routines:a2d_ASN1_OBJECT:first num too large:a_object.c:108: > > 140644791924600:error:0B083077:x509 certificate > > routines:X509_NAME_ENTRY_create_by_txt:invalid field > > name:x509name.c:295:name=o > > > > and CalledProcessError gets raised and the test fails. > > > > Simplest solution is to simply remove the '{ipacertbase}' from the > > template, because AFAIK it is not needed and parsing and formatting > > the certbase (which could have multiple AVAs) is more complex than > > the test calls for, IMO. > > > > > > Thanks, > > Fraser > Hi, thanks. > > I must have missed the first issue after I removed the expected fail marker. > I have fixed it now. > > As for the usercert template, this code is older than the issues at hand. I > do not remember why exactly I used that > option in the openssl config. I have removed that in a new patch. > Thanks Milan,
All working for me now. ACK on all four patches. Cheers, Fraser -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code