John Dennis wrote:
On 10/08/2009 05:11 PM, Rob Crittenden wrote:I missed this file when I did the last CA patch :-(This sets the cert_t context on some files needed for the selfsign plugin to work. It needs to let httpd write the serial number file and open the NSS database.Thanks Rob. BTW, I was going to add a try/except block around that code in selfsign and return a non-zero status if it fails. Do we have predefined status codes I should be using?
I'm assuming you mean around the certs.next_serial() call?Not really sure. This is really a "server blew up" sort of error, I'm not sure what the best thing to return to the client is in this case. I think something that says "the server is hosed, you can't fix it from there" sort of error would be nice. AFAIK we don't currently define such a beastie.
rob
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
