[Freeipa-devel] [RFE] CA-less install

John Dennis jdennis at redhat.com
Wed Mar 27 17:01:58 UTC 2013


On 03/27/2013 12:44 PM, Petr Viktorin wrote:
> On 03/27/2013 04:40 PM, John Dennis wrote:
>> On 03/27/2013 11:23 AM, Petr Viktorin wrote:
>>> I don't want to check the subject because this RFE was prompted by IPA's
>>> normal CA rejecting valid wildcard certs. Is there a reasonable way to
>>> ask NSS if it will trust the cert?
>>
>> Yes. NSS provides a variety of tools to test validation.
>
> Thanks! I'll take a look at it again.
>
>> Going just on memory here, our current version of python-nss has a
>> simple call to test validation. Sometime in the last year I added a fair
>> amount of new support for certificate validation including getting back
>> diagnostic information for validation failures, however if I recall
>> correctly the extended functionality in python-nss has not been released
>> yet.
>
> I'll add verify_hostname from the validation example; if there's
> anything else please give me a pointer -- I haven't read all the docs, yet.
>

doc/examples/verify_server.py
test/test_client_server.py

illustrate example usage.

-- 
John Dennis <jdennis at redhat.com>
