[Freeipa-devel] [PATCH] cert-show: show subject alternative names
Fraser Tweedale
ftweedal at redhat.com
Tue Jul 19 07:03:52 UTC 2016
On Tue, Jul 19, 2016 at 08:50:34AM +0200, Jan Cholasta wrote:
> Hi,
>
> On 14.7.2016 13:44, Fraser Tweedale wrote:
> > Hi all,
> >
> > The attached patch includes SANs in cert-show output. If you have
> > certs with esoteric altnames (especially any that are more than just
> > ASN.1 string types), please test with those certs.
> >
> > https://fedorahosted.org/freeipa/ticket/6022
>
> I think it would be better to have a separate attribute for each supported
> SAN type rather than cramming everything into subject_alt_name. That way if
> you care only about a single specific type you won't have to go through all
> the values and parse them. Also it would allow you to use param types
> appropriate to the SAN types (DNSNameParam for DNS names, Principal for
> principal names, etc.)
>
You are right; that would be much better.
> Nitpick: please don't mix moving existing stuff and adding new stuff in a
> single patch.
>
Will cut new patches to address both of these points.
Thanks,
Fraser
More information about the Freeipa-devel
mailing list