Commit f405eb2d authored by Leigh B Stoller's avatar Leigh B Stoller
Browse files

Fix for "orphaned certificate" warnings we got this week.

So this happened twice this week. Two Utah Emulab users, starting a
sliver at the Utah Emulab CM. Basically, while Flack was starting up a
sliver for the user, they decided to log into the web interface and
recreate their encrypted certificates. So they register a slice, and
Flack gets the slice certificate. Then the user changes their
certificate on Emulab. The CM notices that the certificate in the
slice credential and the certificate the user presented are
different. For a nonlocal user we want to update our record (dubious
on its own), but for a local user we really do not want to do

Users do wacky things.
parent 27a33722
......@@ -5144,6 +5144,15 @@ sub CreateUserFromCertificate($)
return $user
if ($certificate->SameCert($user));
# Oh, but if this is a local user, we already have the
# updated certificate in the DB (we get it from tbdb),
# so no point in changing and we do not want to store it!
if ($user->IsLocal()) {
return $user;
# Replace the user certificate. I think this is okay, since we
# do not sign anything with the user key anyway. As long as we
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment