Catch when retrieving the CA chain from dogtag fails and report a
friendlier error. Also don't try to free the XML document unless it has
been created.
To test this do an installation on F14 with a dogtag backend without
fixing the symbolic link from /usr/share/java/xalan-j2-serializer.jar to
/usr/share/tomcat5/common/lib/xalan-j2-serializer.jar
rob
From fa9366fdc141083489736a3911d50236ca7c1801 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Mon, 22 Nov 2010 10:27:34 -0500
Subject: [PATCH] Catch when we fail to get a cert chain from the CA during installation
Also don't free the XML document if it was never created.
ticket 404
---
ipapython/dogtag.py |6 +-
1 files changed, 5 insertions(+), 1 deletions(-)
diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
index 96d9469..014127e 100644
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@@ -37,6 +37,7 @@ def get_ca_certchain(ca_host=None):
conn = httplib.HTTPConnection(ca_host, api.env.ca_port)
conn.request("GET", "/ca/ee/ca/getCertChain")
res = conn.getresponse()
+doc = None
if res.status == 200:
data = res.read()
conn.close()
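Review bot: conn.close() is only visible after `data = res.read()` under `if res.status == 200:`, so the non-200 path this patch adds appears to raise without closing the HTTPConnection. Consider closing the connection before the status check is acted on, or in the failure branch before the raise, so a failed chain retrieval during installation does not leave the socket open.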
@@ -53,7 +54,10 @@ def get_ca_certchain(ca_host=None):
except Exception, e:
raise errors.RemoteRetrieveError(reason="Retrieving CA cert chain failed: %s" % str(e))
finally:
-doc.unlink()
+if doc:
+doc.unlink()
+else:
+raise errors.RemoteRetrieveError(reason="request failed with HTTP status %d" % res.status)
return chain
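Review bot: in the `finally:` block, `if doc:` depends on the truthiness of the minidom document object; `if doc is not None:` states the intent directly, since the only case being guarded is the `doc = None` initial value. Indentation is lost in this copy, so please confirm the `else:` pairs with `if res.status == 200:` and not with `if doc:`, because a raise inside `finally` would replace the RemoteRetrieveError raised in the `except` just above. The new message could also include `res.reason` next to the numeric status to make the installer error easier to act on.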
--
1.7.3.1