Nalin Dahyabhai wrote:
This is a stab at fixing #1252 - teaching the RA to handle cases where
the local server isn't a CA.

When the RA is about to submit a signing request to a CA, it currently
assumes that the CA is colocated.  This modifies its behavior so that
the first time it needs to submit a signing request, it:

  1. Checks if the configured ca_host is actually a CA.  If it is, use it.
  2. Checks if the local host (if it's not also the configured ca_host)
     is a CA.  If it is, use it.
  3. Checks if there are any CAs in the domain.  If there are, select one
     of them at random and use it.
  4. Give up, behave as before, and let the error we previously would
     have gotten for trying to submit a signing request to a non-CA happen.

Nalin

Ack, pushed to master.

rob
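
The four-step selection order described in the quoted message, as an added sketch that is not the FreeIPA patch itself. `CASelector`, `is_ca`, `list_domain_cas` and the `example.test` hostnames are hypothetical stand-ins for whatever probe and directory lookup the RA actually uses.

```python
import random


class CASelector:
    """Resolve, once, which host the RA submits signing requests to."""

    def __init__(self, ca_host, local_host, is_ca, list_domain_cas, rng=None):
        self.ca_host = ca_host                  # the configured ca_host
        self.local_host = local_host
        self.is_ca = is_ca                      # hypothetical probe: host -> bool
        self.list_domain_cas = list_domain_cas  # hypothetical lookup: () -> hosts
        self.rng = rng or random.Random()
        self._selected = None

    def select(self):
        # Resolution happens the first time a request is submitted; later
        # submissions reuse the answer instead of probing again.
        if self._selected is None:
            self._selected = self._resolve()
        return self._selected

    def _resolve(self):
        # 1. The configured ca_host, if it really is a CA.
        if self.is_ca(self.ca_host):
            return self.ca_host
        # 2. The local host, unless it is the host already probed in step 1.
        if (self.local_host.lower() != self.ca_host.lower()
                and self.is_ca(self.local_host)):
            return self.local_host
        # 3. Any CA in the domain, picked at random.
        candidates = sorted(self.list_domain_cas())
        if candidates:
            return self.rng.choice(candidates)
        # 4. Give up: keep the configured host so the submission fails with
        #    the same error it would have produced before.
        return self.ca_host


def demo():
    # Constructed topology: only ca2.example.test runs a CA.
    cas = {"ca2.example.test"}
    sel = CASelector("replica1.example.test", "replica1.example.test",
                     lambda host: host in cas, lambda: cas)
    return sel.select()


if __name__ == "__main__":
    print(demo())
```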
