[Freeipa-devel] [PATCH] 0038 cert-request: remove allowed extensions check
Jan Cholasta
jcholast at redhat.com
Thu Aug 13 10:55:39 UTC 2015
Hi,
On 13.8.2015 07:54, Fraser Tweedale wrote:
> The attached patch fixes
> https://fedorahosted.org/freeipa/ticket/5205
Simo wrote this some time ago in a (private) discussion about CSR
extensions:
On 23.1.2014 18:58, Simo Sorce wrote:
> Regardless of which tool we use, I really think we need an API that will
> list all the extensions, whether they are understood or not, and then we
> need to proceed and check that only 'acceptable' extensions are passed
> in. Dogtag will do extra validation for sure, but given IPA does access
> control, then IPA needs to be sure of what it is checking.
Simo, does this still hold? Fraser's patch removes the check. Is it OK
or not?
Honza
--
Jan Cholasta
More information about the Freeipa-devel
mailing list