[Freeipa-devel] [PATCH] 0001 cert-show: Remove check if hostname != CN
Rob Crittenden
rcritten at redhat.com
Fri Oct 9 12:39:10 UTC 2015
Jan Orel wrote:
> Hello,
>
> this patch removes (IMHO) redundat check in cert_show, which fails when
> host tries to re-submit certificate of different host/service which he
> can manage.
>
> I also reported the bug here:
> https://bugzilla.redhat.com/show_bug.cgi?id=1269089
>
> I tired to run the tests as well and it doesn't seem to break anything.
> Any feedpack appriciated.
This works around the "Retrieve Certificates from the CA" ACL when done
as a host.
I guess if the hostname isn't the subject then the host for the subject
needs to be read and then look to see if hostname is in the managed_by list.
rob
More information about the Freeipa-devel
mailing list