Description of problem: I'm accessing bits of the CA directly by issuing remote authenticated requests. If I revoke a non-existent certificate I get a generic error, not a "unknown certificate" error. For example, I issue this request to revoke a non-issued certificate: https://catest.example.com:9444/ca/agent/ca/doRevoke POST /ca/agent/ca/doRevoke HTTP/1.1 Host: catest.example.com:9444 Accept-Encoding: identity Content-Length: 81 Content-type: application/x-www-form-urlencoded Accept: text/plain revocationReason=0&totalRecordCount=1&revokeAll=%28certRecordId%3D99%29&op=revoke The error is: fixed.errorDetails = "Error encountered while marking certificate revoked."; fixed.authorityName = "Certificate Manager"; Not particularly helpful. What error occurred?
Created attachment 369801 [details] proposed fix
attachment (id=369801) +mharmsen
svn commit pki/base/common/src/LogMessages_en.properties Sending pki/base/common/src/LogMessages_en.properties Transmitting file data . Committed revision 823. svn commit pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java Sending pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java Transmitting file data . Committed revision 824.
In case were no certificate was found to be revoked, error message: "Error encountered while marking certificate revoked." was replaced with "Attempt to revoke non-existent certificate(s).".
Verified. CS8.1 nightly(4-Dec-2010) ; x86_64 RHEL5.6 nightly ; x86_64 Procedure: (1)Disable random nonces securing access by setting `ca.enableNonces=false` in CS.cfg (2)Try to revoke a non-existent cert (99) by invoking the doRevoke servlet url as below ################################## [root@iceberg ~]# grep -i enableNnonce /var/lib/pki-ca1/conf/CS.cfg ca.enableNonces=false [root@iceberg ~]# ################################# https://iceberg.pnq.redhat.com:35333/ca/agent/ca/doRevoke?op=doRevoke&revocationReason=0&revokeAll=%28certRecordId=99%29&op=revoke ################################# Result: (as expected) Attempt to revoke non-existent certificate(s)