Red Hat Bugzilla – Bug 467967
exception in UpdateDomainXML is not caught by pkiremove when an invalid client cert is presented
Last modified: 2015-06-03 10:37:56 EDT
Description of problem:
Problem is actually error handling in updateDomainXML. When an existing domain is updated, if an invalid client cert is presented, then an exception is thrown. This exception is not caught and returned as an error to the client, resulting in a silent (unseen) failure to update the domain.
This needs to be fixed.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Changes checked in with 472006.
Please provide some steps to verify.
This error arose when I was messing around with installations and my system got a little messed up from previous failed installations. This is a little tough to verify. You might be able to do this:
1. Install and configure a CA
2. Install another subsystem (say a KRA) and have it join the CA's domain. Go through the installation steps and, just before clicking to get to the last page, go into the CA console and replace the cert for the KRA agent/admin with another cert. The cert should be the KRA subsystem cert.
Updating the security domain will fail. Before the fix, this failure will occur silently. After this fix, the failure should generate an exception.