[Freeipa-devel] [PATCH] 290 set cert_t context on some files for selfsign plugin

John Dennis jdennis at redhat.com
Thu Oct 8 21:59:54 UTC 2009


On 10/08/2009 05:22 PM, Rob Crittenden wrote:
> John Dennis wrote:
>> Thanks Rob. BTW, I was going to add a try/except block around that
>> code in selfsign and return a non-zero status if it fails. Do we have
>> predefined status codes I should be using?
>>
>
> I'm assuming you mean around the certs.next_serial() call?

yes

> Not really sure. This is really a "server blew up" sort of error, I'm
> not sure what the best thing to return to the client is in this case. I
> think something that says "the server is hosed, you can't fix it from
> there" sort of error would be nice. AFAIK we don't currently define such
> a beastie.

Well, looking at errors.py, it looks like it should be an ExecutionError
in the 4000-4999 range. How about adding
UnableToCompleteCertificateOperation as a generic error for any
certificate operation we can't run to completion, then doing a log.error
message with the specific failure? The errno associated with
UnableToCompleteCertificateOperation can be returned whenever we hit
some unexpected error related to certificate operations; it will be
generic enough to cover a range of cases without exposing the reason for
the fault, and the server log file will contain the detail. How does that
sound?
-- 
John Dennis <jdennis at redhat.com>

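The pattern proposed in this message (generic error to the client, specific failure only in the server log), sketched as an added example that is not code from the thread or from FreeIPA. The class bodies, the errno values, `next_serial`, `issue_serial`, the correlation `ref` and the file path are all assumptions made for illustration.

```python
import io, logging, os, tempfile, uuid

class ExecutionError(Exception):
    """Stand-in base class; the thread puts these errors in the 4000-4999 range."""
    errno = 4000  # constructed value

class UnableToCompleteCertificateOperation(ExecutionError):
    """Generic client-facing error: deliberately carries no cause."""
    errno = 4999  # constructed placeholder, not an assigned FreeIPA code

    def __init__(self, ref):
        super().__init__(f"unable to complete certificate operation (ref {ref})")
        self.ref = ref  # assumption: correlation id so an admin can find the log entry

def next_serial(path):
    """Hypothetical stand-in for certs.next_serial(): read, bump and store a serial."""
    with open(path) as f:
        serial = int(f.read().strip())
    with open(path, "w") as f:
        f.write(str(serial + 1))
    return serial

def issue_serial(path, log):
    try:
        return next_serial(path)
    except Exception:
        ref = uuid.uuid4().hex[:8]
        # Full detail (path, exception type, traceback) stays in the server log.
        log.exception("next_serial failed for %s (ref %s)", path, ref)
        # "from None" suppresses the chained cause in any traceback rendered later.
        raise UnableToCompleteCertificateOperation(ref) from None

# Constructed failure case: a serial file in a directory that does not exist.
MISSING = os.path.join(tempfile.gettempdir(), "selfsign-demo-missing", "serial")

def demo(path=MISSING):
    """Return (client_response, server_log_text) for a failing serial lookup."""
    buf = io.StringIO()
    log = logging.getLogger("selfsign-demo")
    handler = logging.StreamHandler(buf)
    log.addHandler(handler)
    log.propagate = False
    try:
        issue_serial(path, log)
        client = {"code": 0, "message": "ok"}
    except ExecutionError as e:
        client = {"code": e.errno, "message": str(e), "ref": e.ref}
    finally:
        log.removeHandler(handler)
    return client, buf.getvalue()

if __name__ == "__main__":
    print(demo())
```

The `ref` value goes beyond what the message proposes; it lets an administrator match a client report to the log entry without the response revealing the cause.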



