On Tue, Aug 30, 2016 at 10:39:16AM +0200, Jan Cholasta wrote:
> On 26.8.2016 07:42, Fraser Tweedale wrote:
> > On Fri, Aug 26, 2016 at 03:37:17PM +1000, Fraser Tweedale wrote:
> > > Hi all,
> > >
> > > Attached patch fixes https://fedorahosted.org/freeipa/ticket/6221.
> > > It depends on Honza's PR #20
> > > https://github.com/freeipa/freeipa/pull/20.
> > >
> > > Thanks,
> > > Fraser
> > >
> > It does help to attach the patch :)
> I think it would be better to call cert-find once per host-del/service-del
> with the --host/--service option specified. That way you'll get all
> certificates for the given host/service at once.
I agree that is a nicer approach.
'revoke_certs' is called from several other places besides just
host/service_del. If we want to land this fix Real Soon I'd suggest
A) Define function 'revoke_certs_from_cert_find', call it from
host/service_del, and leave 'revoke_certs' alone; or
B) Land the patch as-is and do a bigger refactor at a later time.
What do you think?
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code