[Freeipa-devel] [PATCH] cert-show: show subject alternative names
Jan Cholasta
jcholast at redhat.com
Tue Jul 19 06:50:34 UTC 2016
Hi,
On 14.7.2016 13:44, Fraser Tweedale wrote:
> Hi all,
>
> The attached patch includes SANs in cert-show output. If you have
> certs with esoteric altnames (especially any that are more than just
> ASN.1 string types), please test with those certs.
>
> https://fedorahosted.org/freeipa/ticket/6022
I think it would be better to have a separate attribute for each
supported SAN type rather than cramming everything into
subject_alt_name. That way if you care only about a single specific type
you won't have to go through all the values and parse them. Also it
would allow you to use param types appropriate to the SAN types
(DNSNameParam for DNS names, Principal for principal names, etc.)
Nitpick: please don't mix moving existing stuff and adding new stuff in
a single patch.
Honza
--
Jan Cholasta
More information about the Freeipa-devel
mailing list