[Freeipa-devel] [PATCH] 0036 Fix KRB5PrincipalName / UPN SAN comparison
Martin Basti
mbasti at redhat.com
Tue Aug 11 15:32:56 UTC 2015
On 11/08/15 15:31, Martin Babinsky wrote:
> On 08/11/2015 03:23 PM, Fraser Tweedale wrote:
>> On Sun, Aug 09, 2015 at 08:03:47PM +1000, Fraser Tweedale wrote:
>>> The attached patch fixes a bug in KRB5PrincipalName / UPN SAN
>>> validation.
>>>
>>> Thanks,
>>> Fraser
>>
>> For testing this, the following `openssl req' config will serve as a
>> starting point; customise the names / realm as appropriate.
>>
>> [ req ]
>> prompt = no
>> encrypt_key = no
>>
>> distinguished_name = dn
>> req_extensions = exts
>>
>> [ dn ]
>> commonName = "alice"
>>
>> [ exts ]
>> subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:krb5principal
>>
>> [ krb5principal ]
>> realm = EXPLICIT:0,GeneralString:IPA.LOCAL
>> principalname = EXPLICIT:1,SEQUENCE:principalname
>>
>> [ principalname ]
>> nametype = EXPLICIT:0,INT:0
>> namestring = EXPLICIT:1,SEQUENCE:namestring
>>
>> [ namestring ]
>> part1 = GeneralString:alice
>>
>
> Thank for help, I'm ASN.1 n00b.
>
> ACK.
>
Pushed to:
master: ba7e5df19433faddc1369a26824e7fc6efd7f983
ipa-4-2: 58cf1cd65fc1e8d02a8b5f43fd5157786e232486
--
Martin Basti
More information about the Freeipa-devel
mailing list