Catch when retrieving the CA chain from dogtag fails and report a friendlier error. Also don't try to free the XML document unless it has been created.

To test this do an installation on F14 with a dogtag backend without fixing the symbolic link from /usr/share/java/xalan-j2-serializer.jar to /usr/share/tomcat5/common/lib/xalan-j2-serializer.jar

rob
From fa9366fdc141083489736a3911d50236ca7c1801 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Mon, 22 Nov 2010 10:27:34 -0500
Subject: [PATCH] Catch when we fail to get a cert chain from the CA during installation

Also don't free the XML document if it was never created.

ticket 404
---
 ipapython/dogtag.py |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
index 96d9469..014127e 100644
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@@ -37,6 +37,7 @@ def get_ca_certchain(ca_host=None):
     conn = httplib.HTTPConnection(ca_host, api.env.ca_port)
     conn.request("GET", "/ca/ee/ca/getCertChain")
     res = conn.getresponse()
+    doc = None
     if res.status == 200:
         data = res.read()
         conn.close()
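Review bot: conn.request() and conn.getresponse(), just above the new doc = None line, sit at function level with no try around them in the visible context, so a refused or timed-out connection to the CA will still surface as a raw socket or httplib exception rather than the friendlier RemoteRetrieveError this patch is aiming for. Consider wrapping the request in a try and raising RemoteRetrieveError from there as well. Initialising doc before the status check is the right place for it, since the finally block later in the function depends on it.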
@@ -53,7 +54,10 @@ def get_ca_certchain(ca_host=None):
                 except Exception, e:
                     raise errors.RemoteRetrieveError(reason="Retrieving CA cert chain failed: %s" % str(e))
         finally:
-            doc.unlink()
+            if doc:
+                doc.unlink()
+    else:
+        raise errors.RemoteRetrieveError(reason="request failed with HTTP status %d" % res.status)
 
     return chain
 
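Review bot: the new else branch raises without closing the connection; conn.close() is only called inside the res.status == 200 branch, so on a non-200 response conn is left open. Call conn.close() before the raise, or move the close into a finally that covers both paths. Two smaller points: "if doc is not None:" states the intent more precisely than "if doc:", and the reason string would be easier to act on if it said what was being fetched, in line with the "Retrieving CA cert chain failed" wording used a few lines above.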
-- 
1.7.3.1
