[Freeipa-devel] [PATCHES 551-552, 623-624] cert: add owner information, allow search by certificate

Jan Cholasta jcholast at redhat.com
Tue Jun 14 09:44:54 UTC 2016


On 21.4.2016 09:11, Jan Cholasta wrote:
> On 6.4.2016 15:46, Pavel Vomacka wrote:
>>
>>
>> On 03/16/2016 01:50 PM, Jan Cholasta wrote:
>>> Hi,
>>>
>>> the attached patches implement the server-side part of
>>> <https://fedorahosted.org/freeipa/ticket/5381>.
>>>
>>> Honza
>>>
>> Hi,
>>
>> thank you for the patches. I tested them and they work well. But I would
>> like to ask you whether it would be possible to extend the response of
>> the 'basecert_find' method and probably also the 'basecert_show' response.
>> I am thinking of this information:
>>
>> 1) information whether the certificate is issued by our CA or not.
>
> You can check for that by comparing the issuer name of the certificate
> to "CN=Certificate Authority,$SUBJECT_BASE". You can get subject base
> from config-show.
>
>>
>> 2) this probably wouldn't be possible (as we discussed), but I'd rather
>> write it too - the information about the revocation reason. The same as
>> 'cert_show' provides.
>
> Added --check-revocation flag to request this information. Currently it
> works only on certificates issued by our CA.
>
>>
>> 3) MD5 and SHA1 fingerprints as the 'cert_show' method returns
>
> Added, also included SHA-256.
>
>>
>> Thank you again.
>
> Updated patches attached.

Updated and rebased patches attached. Requires Fraser's sub-CA patches.

-- 
Jan Cholasta
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-551.2-ldap-fix-handling-of-binary-data-in-search-filters.patch
Type: text/x-patch
Size: 1201 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160614/a7efb885/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-552.2-cert-add-object-plugin.patch
Type: text/x-patch
Size: 30439 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160614/a7efb885/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-623-cert-add-owner-information.patch
Type: text/x-patch
Size: 18007 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160614/a7efb885/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-624-cert-allow-search-by-certificate.patch
Type: text/x-patch
Size: 7684 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160614/a7efb885/attachment-0003.bin>
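
The issuer-name comparison suggested in the reply above, as an added example that is not part of the original thread or of the attached patches. The helper names (`parse_dn`, `issued_by_ipa_ca`) and the `O=EXAMPLE.TEST` subject base are constructed for illustration; the DN strings are compared RDN by RDN rather than as raw text, so case, spacing and escaping differences do not cause false results.

```python
import re

def _unescape(value):
    # Decode RFC 4514 escapes: backslash + special char, or backslash + hex pair.
    out, i = bytearray(), 0
    while i < len(value):
        pair = value[i + 1:i + 3]
        if value[i] == "\\" and re.fullmatch(r"[0-9A-Fa-f]{2}", pair):
            out.append(int(pair, 16))
            i += 3
        elif value[i] == "\\":
            out += value[i + 1:i + 2].encode("utf-8")
            i += 2
        else:
            out += value[i].encode("utf-8")
            i += 1
    return out.decode("utf-8")

def parse_dn(dn):
    """Return an ordered list of normalized (type, value) pairs, one per RDN.

    Multi-valued RDNs ('+') are not split; such a DN simply will not match.
    """
    rdns = re.findall(r"(?:\\.|[^\\,])+", dn)  # split on unescaped commas only
    if ",".join(rdns) != dn:
        raise ValueError("malformed DN: %r" % dn)
    parsed = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError("RDN without '=': %r" % rdn)
        # Case and whitespace runs are not significant for these name attributes.
        text = " ".join(_unescape(value.strip()).split()).casefold()
        parsed.append((attr.strip().upper(), text))
    return parsed

def issued_by_ipa_ca(issuer_dn, subject_base):
    """True if issuer_dn names "CN=Certificate Authority,$SUBJECT_BASE"."""
    expected = parse_dn("CN=Certificate Authority," + subject_base)
    try:
        return parse_dn(issuer_dn) == expected
    except ValueError:  # malformed issuer string: treat as not ours
        return False

if __name__ == "__main__":
    base = "O=EXAMPLE.TEST"  # constructed; a real value comes from config-show
    for issuer in ("cn=certificate  authority, o=example.test",
                   "CN=Certificate Authority\\,O=EXAMPLE.TEST",
                   "CN=Certificate Authority,O=OTHER.TEST"):
        print(issuer, "->", issued_by_ipa_ca(issuer, base))
```

A matching issuer name only shows which CA the certificate claims as its issuer; confirming that the CA actually issued it requires verifying the certificate's signature against the CA certificate.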

