On 12/10/2012 05:01 PM, Martin Kosek wrote:
On 12/10/2012 03:53 PM, Lynn Root wrote:
Raise ACI error when CSR does not have a subject hostname.


Why an ACIError? I know there are are a lot of ACIErrors thrown in cert-request
command processing, but they are all related to authorization of the request.
In this case, this is rather a missing required field of the CSR, so
ValidationError may be a better choice.


I elected ACIError simply because the immediately following ACIError raises the issue that hostname of principal doesn't match the subject hostname of the CSR - seemed a similar case of "doesn't match" with "doesn't exists." But right - it's not related to Auth.

Would ValidationError be appropriate, or would RequirementError or NotFound be more so?

Lynn Root

Associate Software Engineer
Red Hat, Inc

Freeipa-devel mailing list

Reply via email to