Bug 467967 - exception in UpdateDomainXML is not caught by pkiremove when an invalid client cert is presented
exception in UpdateDomainXML is not caught by pkiremove when an invalid clien...
Product: Dogtag Certificate System
Classification: Community
Component: Installation Wizard (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Ade Lee
Ben Levenson
Depends On:
  Show dependency treegraph
Reported: 2008-10-21 18:40 EDT by Ade Lee
Modified: 2015-06-03 10:37 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Ade Lee 2008-10-21 18:40:24 EDT
Description of problem:

Problem is actually error handling in updateDomainXML.  When an existing domain is updated, if an invalid client cert is presented, then an exception is thrown.  This exception is not caught and returned as an error to the client, resulting in a silent (unseen) failure to update the domain.

This needs to be fixed.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:
Comment 1 Ade Lee 2009-01-05 12:01:16 EST
changes checked in with 472006
Comment 2 Chandrasekar Kannan 2009-06-09 19:25:58 EDT
please provide some steps to verify
Comment 3 Ade Lee 2009-07-02 11:07:34 EDT
This error arose when I was messing around with installations and my system got a little messed up from previous failed installations.  This is a little tough to verify.  You might be able to do this ..

1. Install and configure a CA
2. Install another subsystem (say a KRA) and have it join the CA's domain.  Go through the installation steps and just before clicking to get to the last page - go into the CA console and replace the cert for the KRA agent/admin with another cert.  The cert should be the KRA subsystem cert.

Updating the security domain will fail.  Before the fix, this failure will occur silently.  After this fix, the failure should generate an exception.

Note You need to log in before you can comment on or make changes to this bug.