This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.

*** Bug 853857 has been marked as a duplicate of this bug. ***

commit 476d17a29088e9cc9d6a5094bd2cd586f3f49c44
Author: Adrian Likins <alikins>
Date:   Wed Sep 5 11:40:07 2012 -0400

    Add test cases for certmgr.py (and make certlib testable)
    
    852706 needed tests cases, and there was almost
    no coverage of certmgr.py
    
    The various *Lib and *Action classes create a ActionLock()
    during at class parse time (ie, before the init runs) so
    we can't really mock out ActionLock. So change certlib
    to pass in it's own lock to it's invocation of CertLib.
    
    Note: Those ActionLock() invocations need to go away, or
    at least, lock should be a class attribute populated with
    a ActionLock(), at least that way we would have a reference to
    it.

commit 69be79cdb26a2a1a2b4ea792d27c1a851af9f2fb
Author: Adrian Likins <alikins>
Date:   Wed Sep 5 11:37:55 2012 -0400

    852706: Fix server side certs not being deleted client side
    
    On a candlepin side consumer cert deletion, we return a
    410/GoneException, which certmgr was catching and swallowing.
    Let that exception bubble up so we handle the GoneException
    properly.

Verifying Version...
[root@jsefler-rhel59 ~]# rpm -q subscription-manager python-rhsm
subscription-manager-1.0.23-1.el5
python-rhsm-1.0.10-1.el5


[root@jsefler-rhel59 ~]# subscription-manager register --username=testuser1 --org=admin --serverurl=jsefler-f14-candlepin.usersys.redhat.com:8443/candlepin
Password: 
The system has been registered with id: 37da6f5a-43ed-4940-9f07-fd86563ca009 
[root@jsefler-rhel59 ~]# subscription-manager list --avail | grep "Pool Id" | head -2
Pool Id:              	8a90f81d3a713d64013a7384365e7973
Pool Id:              	8a90f81d3a713d64013a713faa5704cc
[root@jsefler-rhel59 ~]# subscription-manager subscribe --pool 8a90f81d3a713d64013a7384365e7973 --pool 8a90f81d3a713d64013a713faa5704cc
Successfully consumed a subscription for: The "Ultimate SLA" service level subscription
Successfully consumed a subscription for: Shared File System
[root@jsefler-rhel59 ~]# subscription-manager identity
Current identity is: 37da6f5a-43ed-4940-9f07-fd86563ca009
name: jsefler-rhel59.usersys.redhat.com
org name: Admin Owner
org id: admin
[root@jsefler-rhel59 ~]# ls -l /etc/pki/entitlement/
total 32
-rw------- 1 root root 1679 Oct 18 13:58 5867571267558982210-key.pem
-rw-r--r-- 1 root root 1944 Oct 18 13:58 5867571267558982210.pem
-rw------- 1 root root 1679 Oct 18 13:58 7098429472854166482-key.pem
-rw-r--r-- 1 root root 1956 Oct 18 13:58 7098429472854166482.pem
[root@jsefler-rhel59 ~]#  curl --stderr /dev/null --insecure --user admin:*** --request DELETE https://jsefler-f14-candlepin.usersys.redhat.com:8443/candlepin/consumers/37da6f5a-43ed-4940-9f07-fd86563ca009
[root@jsefler-rhel59 ~]# subscription-manager identity
Consumer 37da6f5a-43ed-4940-9f07-fd86563ca009 has been deleted
[root@jsefler-rhel59 ~]# service rhsmcertd restart
Stopping rhsmcertd...                                      [  OK  ]
Starting rhsmcertd...                                      [  OK  ]
[root@jsefler-rhel59 ~]# subscription-manager identity
Consumer 37da6f5a-43ed-4940-9f07-fd86563ca009 has been deleted
[root@jsefler-rhel59 ~]# 
[root@jsefler-rhel59 ~]# 

*************************************
IMPORTANT: Notice that immediately after we restarted rhsmcertd above, subscription-manager identity continues to report that the consumer has been deleted.  Due to a change in bug 818978, we must now wait 2 minutes for rhsmcertd to trigger the first cert check.  Waiting 2 minutes...
*************************************

[root@jsefler-rhel59 ~]# 
[root@jsefler-rhel59 ~]# 
[root@jsefler-rhel59 ~]# subscription-manager identity
This system is not yet registered. Try 'subscription-manager register --help' for more information.
[root@jsefler-rhel59 ~]# ls /etc/pki/consumer
ls: /etc/pki/consumer: No such file or directory
[root@jsefler-rhel59 ~]# ls /etc/pki/consumer.old/
cert.pem  key.pem
[root@jsefler-rhel59 ~]# ls /etc/pki/entitlement/
[root@jsefler-rhel59 ~]# 


VERIFIED: After restarting rhsmcertd and waiting 2 minutes, rhsmcertd handles a GoneException and then moves /etc/pki/consumer to /etc/pki/consumer.old/ and the /etc/pki/entitlement/ is emptied.

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0033.html