On Tue, Jun 14, 2016 at 07:40:12PM -0500, Endi Sukma Dewata wrote: > On 6/13/2016 9:38 PM, Fraser Tweedale wrote: > > Hi all, > > > > The attached patch fixes https://fedorahosted.org/pki/ticket/2359. > > Please review for inclusion in 10.3.3. > > > > Thanks, > > Fraser > > It looks like the initSignUnit() is only called with retrieveKeys=true in > init(). So the code that starts the key retriever thread probably can be > moved out, becoming something like this: > > initDefCaAttrs(); > > try { > initSignUnit(); > checkForNewerCert(); > > } catch (CAMissingCertException | CAMissingKeyException e) { > // start key retriever thread > > } catch (EBaseException e) { > ... > } > > I think it would clarify a little bit how the missing cert/key is handled. > Yes, that will be a nice refactor. I may send a patch for that soon.
> So if I understand correctly if the cert/key is missing the LWCA object will > still be created and registered, but it will be disabled (hasKeys=false)? > > When the key retriever thread is complete, will it automatically > reinitialize and enable the LWCA object? > Yes to both question. The bug was that an exception could be thrown when constructing the LWCA object (thus it was not registered). Key retrieval had been initiated and successfully retrieved the key, but there was no LWCA object to reinitialise. > Regardless, feel free to push the patch as is. > Thanks, pushed to master (41aef5254c20301851716ef46b614d185b33a87b) _______________________________________________ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel
