Re: [Pki-devel] [PATCH] 0123 Do not attempt cert update unless signing key is present

On 6/13/2016 9:38 PM, Fraser Tweedale wrote: It looks like the initSignUnit() is only called with retrieveKeys=true in init(). So the code that starts the key retriever thread probably can be moved out, becoming something like this: initDefCaAttrs(); try { initSignUnit(); checkForNewerCert(); } catch (CAMissingCertException | CAMissingKeyException e) { // start key retriever thread } catch (EBaseException e) { ... } I think it would clarify a little bit how the missing cert/key is handled. So if I understand correctly if the cert/key is missing the LWCA object will still be created and registered, but it will be disabled (hasKeys=false)? When the key retriever thread is complete, will it automatically reinitialize and enable the LWCA object? Regardless, feel free to push the patch as is. -- Endi S. Dewata