John Dennis wrote:
On 10/08/2009 05:11 PM, Rob Crittenden wrote:
I missed this file when I did the last CA patch :-(

This sets the cert_t context on some files needed for the selfsign
plugin to work. It needs to let httpd write the serial number file and
open the NSS database.

Thanks Rob. BTW, I was going to add a try/except block around that code in selfsign and return a non-zero status if it fails. Do we have predefined status codes I should be using?

I'm assuming you mean around the certs.next_serial() call?

Not really sure. This is really a "server blew up" sort of error, I'm not sure what the best thing to return to the client is in this case. I think something that says "the server is hosed, you can't fix it from there" sort of error would be nice. AFAIK we don't currently define such a beastie.


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Freeipa-devel mailing list

Reply via email to