On Fri, Mar 18, 2016 at 02:30:24PM +1000, Fraser Tweedale wrote:
Hi all,

The attached patches implement replication support for lightweight
CAs. These patches do not implement key replication via Custodia
(my next task) but they do implement the persistent search thread
and appropriate** API behaviour when the signing keys are not yet
available.

** In most cases, we respond 503 Service Unavailable; this is open
for discussion. ca-authority-find and ca-authority-show include
a boolean field indicating whether the CA is ready to sign.
There might be (probably are) endpoints I've missed.

Cheers,
Fraser

Updated patches attached - small change in patch 0084 to fix a race
condition when deleting an authority that can cause NPE.

Thanks,
Fraser