The attached patch removes a workaround introduced as part of
https://fedorahosted.org/freeipa/ticket/4676.

Alternatively, if we want to keep the "workaround" I will submit a
different patch that removes unused code and FIXME comments :)

Cheers,
Fraser
From df99d69569ddc173c7495eb5cd85133079a24ba9 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Wed, 20 Jan 2016 18:35:15 +1100
Subject: [PATCH] Remove workaround for CA running check

A workaround was introduced for ticket #4676 that used wget to
perform an (unauthenticated) https request to check the CA status.
Later, wget was changed to curl (the request remained
unauthenticated).

Remove the workaround and use an http request (no TLS) to check the
CA status.  Also remove the now-unused unauthenticated_http_request
method.

https://fedorahosted.org/freeipa/ticket/4676
---
 ipaplatform/redhat/services.py | 25 +------------------------
 ipapython/dogtag.py            | 25 +++----------------------
 2 files changed, 4 insertions(+), 46 deletions(-)

diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py
index 
11292fa4912844db78899d779b84104288e469dc..3c18dbc3c1274ef3852abef5f054b4e37e6b32fa
 100644
--- a/ipaplatform/redhat/services.py
+++ b/ipaplatform/redhat/services.py
@@ -199,30 +199,7 @@ class RedHatCAService(RedHatService):
         op_timeout = time.time() + timeout
         while time.time() < op_timeout:
             try:
-                # FIXME https://fedorahosted.org/freeipa/ticket/4716
-                # workaround
-                #
-                # status = dogtag.ca_status(use_proxy=use_proxy)
-                #
-                port = 8443
-
-                url = "https://%(host_port)s%(path)s" % {
-                    "host_port": ipautil.format_netloc(api.env.ca_host, port),
-                    "path": "/ca/admin/ca/getStatus"
-                }
-
-                args = [
-                    paths.BIN_CURL,
-                    '-o', '-',
-                    '--connect-timeout', '30',
-                    '-k',
-                    url
-                ]
-
-                result = ipautil.run(args, capture_output=True)
-
-                status = dogtag._parse_ca_status(result.output)
-                # end of workaround
+                status = dogtag.ca_status()
             except Exception as e:
                 status = 'check interrupted due to error: %s' % e
             root_logger.debug('The CA status is: %s' % status)
diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
index 
1cb74719c4ce2cc97c54dc7bebfa4b32ceee14a1..6f13880026e9e6043649405245c9cd50a826f652
 100644
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@@ -103,7 +103,7 @@ def _parse_ca_status(body):
         raise error_from_xml(doc, _("Retrieving CA status failed: %s"))
 
 
-def ca_status(ca_host=None, use_proxy=True):
+def ca_status(ca_host=None):
     """Return the status of the CA, and the httpd proxy in front of it
 
     The returned status can be:
@@ -113,13 +113,8 @@ def ca_status(ca_host=None, use_proxy=True):
     """
     if ca_host is None:
         ca_host = api.env.ca_host
-    if use_proxy:
-        # Use port 443 to test the proxy as well
-        ca_port = 443
-    else:
-        ca_port = 8443
-    status, headers, body = unauthenticated_https_request(
-        ca_host, ca_port, '/ca/admin/ca/getStatus')
+    status, headers, body = http_request(
+        ca_host, 8080, '/ca/admin/ca/getStatus')
     if status == 503:
         # Service temporarily unavailable
         return status
@@ -175,20 +170,6 @@ def http_request(host, port, url, **kw):
         'http', host, port, url, httplib.HTTPConnection, body)
 
 
-def unauthenticated_https_request(host, port, url, **kw):
-    """
-    :param url: The path (not complete URL!) to post to.
-    :param kw: Keyword arguments to encode into POST body.
-    :return:   (http_status, http_headers, http_body)
-                as (integer, dict, str)
-
-    Perform an unauthenticated HTTPS request.
-    """
-    body = urlencode(kw)
-    return _httplib_request(
-        'https', host, port, url, httplib.HTTPSConnection, body)
-
-
 def _httplib_request(
         protocol, host, port, path, connection_factory, request_body,
         method='POST', headers=None):
-- 
2.5.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to