[Freeipa-devel] [PATCH] 0086 Add --ca option to cert-status
Jan Cholasta
jcholast at redhat.com
Fri Jul 1 04:54:11 UTC 2016
On 1.7.2016 06:47, Fraser Tweedale wrote:
> On Fri, Jul 01, 2016 at 05:55:35AM +0200, Jan Cholasta wrote:
>> On 29.6.2016 12:18, Jan Cholasta wrote:
>>> On 29.6.2016 10:47, Fraser Tweedale wrote:
>>>> On Wed, Jun 29, 2016 at 10:04:05AM +0200, Jan Cholasta wrote:
>>>>> Hi,
>>>>>
>>>>> On 29.6.2016 06:11, Fraser Tweedale wrote:
>>>>>> Dear team,
>>>>>>
>>>>>> The attached patch implements the --ca option for the rest of the
>>>>>> cert-blah commands (https://fedorahosted.org/freeipa/ticket/5999).
>>>>>
>>>>> 1) I don't think cert-status should be treated specially. The
>>>>> operation to
>>>>> check status of a certificate request is not specific to Dogtag.
>>>>>
>>>> I'm happy to add the option, with the caveat that because (of top of
>>>> head) there is not (yet) a way in Dogtag to distinguish/filter
>>>> requests by target CA, value may go unused.
>>>
>>> IMO that's OK, since it's a safe non-descructive operation.
>>>
>>>>
>>>>>
>>>>> 2) cert-show is called twice in cert-revoke. Can we call it just once?
>>>>>
>>>> I'll address this in next patchset.
>>>
>>> OK.
>>
>> ACK on the first version of the patch, since it's better than nothing. The
>> ticket remains open, please fix the rest ASAP.
>>
>> Added VERSION bump and pushed to master:
>> ffb1f5b1f24f0de30529d50f8c8dfb9a896c149e
>>
>> Honza
>>
> New patch 0086 attached, adding the option to cert-status command.
Thanks. We could at least check if the specified CA exists, couldn't we?
>
> (2) will be addressed later due to conflicts with other patches (or
> maybe as part of those other patches).
OK.
>
> Thanks,
> Fraser
>
--
Jan Cholasta
More information about the Freeipa-devel
mailing list