On Tue, Aug 30, 2016 at 10:39:16AM +0200, Jan Cholasta wrote:
> Hi,
>
> On 26.8.2016 07:42, Fraser Tweedale wrote:
> > On Fri, Aug 26, 2016 at 03:37:17PM +1000, Fraser Tweedale wrote:
> > > Hi all,
> > >
> > > Attached patch fixes https://fedorahosted.org/freeipa/ticket/6221.
> > > It depends on Honza's PR #20
> > > https://github.com/freeipa/freeipa/pull/20.
> > >
> > > Thanks,
> > > Fraser
> > >
> > It does help to attach the patch :)
>
> I think it would be better to call cert-find once per host-del/service-del
> with the --host/--service option specified. That way you'll get all
> certificates for the given host/service at once.
>
> Honza
>
I agree that is a nicer approach. 'revoke_certs' is called from
several other places besides just host/service_del. If we want to
land this fix Real Soon I'd suggest we either:

A) Define function 'revoke_certs_from_cert_find', call it from
   host/service_del, and leave 'revoke_certs' alone; or

B) Land the patch as-is and do a bigger refactor at a later time.

What do you think?

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code