The attached patch fixes regression in cert-request:
https://fedorahosted.org/freeipa/ticket/6309

Thanks,
Fraser
From b27eef53ee36b7cae70206c37dea6aaa3bcfc940 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Thu, 8 Sep 2016 11:56:16 +1000
Subject: [PATCH] cert-request: raise error when request fails

Fix a regression in recent change to request cert via Dogtag REST
API.  'ra.request_certificate' was no longer raising
CertificateOperationError when the cert request failed.  Inspect the
request result to determine if the request completed, and raise if
it did not.

Fixes: https://fedorahosted.org/freeipa/ticket/6309
---
 ipaserver/plugins/dogtag.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
index 
77d24731bbc102ace3123a6fe41a631ea7c24f3b..644b41e90f2d377ae9b70cf4719ab8789fdfc649
 100644
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@@ -1678,6 +1678,10 @@ class ra(rabase.rabase, RestClient):
             return cmd_result
         certinfo = entries[0]
 
+        if certinfo['requestStatus'] != 'complete':
+            raise errors.CertificateOperationError(
+                    error=certinfo.get('errorMessage'))
+
         if 'certId' in certinfo:
             cmd_result = self.get_certificate(certinfo['certId'])
             cert = ''.join(cmd_result['certificate'].splitlines())
-- 
2.5.5

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to