[Freeipa-devel] [PATCH] 0036 Fix KRB5PrincipalName / UPN SAN comparison
Fraser Tweedale
ftweedal at redhat.com
Tue Aug 11 13:23:36 UTC 2015
On Sun, Aug 09, 2015 at 08:03:47PM +1000, Fraser Tweedale wrote:
> The attached patch fixes a bug in KRB5PrincipalName / UPN SAN
> validation.
>
> Thanks,
> Fraser
For testing this, the following `openssl req' config will serve as a
starting point; customise the names / realm as appropriate.
[ req ]
prompt = no
encrypt_key = no
distinguished_name = dn
req_extensions = exts
[ dn ]
commonName = "alice"
[ exts ]
subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:krb5principal
[ krb5principal ]
realm = EXPLICIT:0,GeneralString:IPA.LOCAL
principalname = EXPLICIT:1,SEQUENCE:principalname
[ principalname ]
nametype = EXPLICIT:0,INT:0
namestring = EXPLICIT:1,SEQUENCE:namestring
[ namestring ]
part1 = GeneralString:alice
More information about the Freeipa-devel
mailing list