[Freeipa-devel] [PATCH] 0086 Add --ca option to cert-status

Jan Cholasta jcholast at redhat.com
Fri Jul 1 08:05:48 UTC 2016 

On 1.7.2016 08:57, Jan Cholasta wrote:
> On 1.7.2016 06:54, Jan Cholasta wrote:
>> On 1.7.2016 06:47, Fraser Tweedale wrote:
>>> On Fri, Jul 01, 2016 at 05:55:35AM +0200, Jan Cholasta wrote:
>>>> On 29.6.2016 12:18, Jan Cholasta wrote:
>>>>> On 29.6.2016 10:47, Fraser Tweedale wrote:
>>>>>> On Wed, Jun 29, 2016 at 10:04:05AM +0200, Jan Cholasta wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> On 29.6.2016 06:11, Fraser Tweedale wrote:
>>>>>>>> Dear team,
>>>>>>>>
>>>>>>>> The attached patch implements the --ca option for the rest of the
>>>>>>>> cert-blah commands (https://fedorahosted.org/freeipa/ticket/5999).
>>>>>>>
>>>>>>> 1) I don't think cert-status should be treated specially. The
>>>>>>> operation to
>>>>>>> check status of a certificate request is not specific to Dogtag.
>>>>>>>
>>>>>> I'm happy to add the option, with the caveat that because (of top of
>>>>>> head) there is not (yet) a way in Dogtag to distinguish/filter
>>>>>> requests by target CA, value may go unused.
>>>>>
>>>>> IMO that's OK, since it's a safe non-descructive operation.
>>>>>
>>>>>>
>>>>>>>
>>>>>>> 2) cert-show is called twice in cert-revoke. Can we call it just
>>>>>>> once?
>>>>>>>
>>>>>> I'll address this in next patchset.
>>>>>
>>>>> OK.
>>>>
>>>> ACK on the first version of the patch, since it's better than
>>>> nothing. The
>>>> ticket remains open, please fix the rest ASAP.
>>>>
>>>> Added VERSION bump and pushed to master:
>>>> ffb1f5b1f24f0de30529d50f8c8dfb9a896c149e
>>>>
>>>> Honza
>>>>
>>> New patch 0086 attached, adding the option to cert-status command.
>>
>> Thanks. We could at least check if the specified CA exists, couldn't we?
>
> To speed things up, I have updated your patch with this, see the
> attachment.
>
> If the change looks good to you, we can push the patch.

Your original patch works for me, ACK. My change can be pushed under the 
one-liner rule, so pushing them combined in the modified patch.

Pushed to master: 4844eaec197690e21c6cf44743df7f456d0e185d

>
>>
>>>
>>> (2) will be addressed later due to conflicts with other patches (or
>>> maybe as part of those other patches).
>>
>> OK.
>>
>>>
>>> Thanks,
>>> Fraser
>>>
>>
>>
>
>
>
>


-- 
Jan Cholasta

More information about the Freeipa-devel mailing list