[Freeipa-devel] [PATCHES 551-552, 623-624] cert: add owner information, allow search by certificate

Jan Cholasta jcholast at redhat.com
Tue Jun 21 05:19:19 UTC 2016


On 20.6.2016 15:31, Jan Cholasta wrote:
> On 20.6.2016 09:54, Jan Cholasta wrote:
>> On 15.6.2016 12:33, Jan Cholasta wrote:
>>> On 14.6.2016 11:44, Jan Cholasta wrote:
>>>> On 21.4.2016 09:11, Jan Cholasta wrote:
>>>>> On 6.4.2016 15:46, Pavel Vomacka wrote:
>>>>>>
>>>>>>
>>>>>> On 03/16/2016 01:50 PM, Jan Cholasta wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> the attached patches implement the server-side part of
>>>>>>> <https://fedorahosted.org/freeipa/ticket/5381>.
>>>>>>>
>>>>>>> Honza
>>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> thank you for the patches. I tested them and they work well. But I
>>>>>> would like to ask you whether it would be possible to extend the
>>>>>> response of the 'basecert_find' method and probably also the
>>>>>> 'basecert_show' response. I think of this information:
>>>>>>
>>>>>> 1) information whether the certificate is issued by our CA or not.
>>>>>
>>>>> You can check for that by comparing the issuer name of the certificate
>>>>> to "CN=Certificate Authority,$SUBJECT_BASE". You can get subject base
>>>>> from config-show.
>>>>>
>>>>>>
>>>>>> 2) this probably wouldn't be possible (as we discussed), but I'd rather
>>>>>> write it too - the information about revocation reason. The same as
>>>>>> 'cert_show' provides.
>>>>>
>>>>> Added --check-revocation flag to request this information. Currently
>>>>> it works only on certificates issued by our CA.
>>>>>
>>>>>>
>>>>>> 3) MD5 and SHA1 fingerprints as the 'cert_show' method returns
>>>>>
>>>>> Added, also included SHA-256.
>>>>>
>>>>>>
>>>>>> Thank you again.
>>>>>
>>>>> Updated patches attached.
>>>>
>>>> Updated and rebased patches attached. Requires Fraser's sub-CA patches.
>>>
>>> Attaching updated patch 623, which fixes these issues found by David:
>>> <https://paste.fedoraproject.org/378997/65913663/>.
>>
>> Updated and rebased patches attached.
>
> Attaching updated patches 552 and 623, which fix the --sizelimit option.

Updated and rebased patches attached. The --revocation-reason option now 
works as expected.

-- 
Jan Cholasta
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-551.3-ldap-fix-handling-of-binary-data-in-search-filters.patch
Type: text/x-patch
Size: 1201 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160621/3c573315/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-552.5-cert-add-object-plugin.patch
Type: text/x-patch
Size: 30485 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160621/3c573315/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-623.4-cert-add-owner-information.patch
Type: text/x-patch
Size: 18093 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160621/3c573315/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-624.2-cert-allow-search-by-certificate.patch
Type: text/x-patch
Size: 7576 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160621/3c573315/attachment-0003.bin>
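
Added example, not part of the original message or of the FreeIPA patches: the issuer check described in the thread (compare the certificate's issuer name to "CN=Certificate Authority,$SUBJECT_BASE") done RDN by RDN instead of as a raw string compare, so differences in case or spacing do not cause false mismatches. The function names and sample DNs are hypothetical, and the matching rules (case-insensitive values, single-byte hex escapes) are simplifying assumptions.

```python
import re

def parse_dn(dn):
    """Parse an RFC 4514 DN string into a list of RDNs (frozensets of (type, value))."""
    rdns, avas, buf, attr = [], [], [], None
    def end_ava():
        nonlocal attr
        if attr is None:
            raise ValueError("missing '=' in DN: %r" % dn)
        # Assumption: values compare case-insensitively with whitespace collapsed.
        avas.append((attr, " ".join("".join(buf).split()).casefold()))
        buf.clear()
        attr = None
    i = 0
    while i < len(dn):
        c = dn[i]
        if c == "\\":  # escaped character: never treated as a separator
            hexpair = dn[i + 1:i + 3]
            if re.fullmatch(r"[0-9A-Fa-f]{2}", hexpair):
                buf.append(chr(int(hexpair, 16)))  # simplification: single-byte escapes only
                i += 3
            else:
                buf.append(dn[i + 1:i + 2])
                i += 2
            continue
        if c == "=" and attr is None:
            attr = "".join(buf).strip().casefold()
            buf.clear()
        elif c in ",+":
            end_ava()
            if c == ",":
                rdns.append(frozenset(avas))
                avas.clear()
        else:
            buf.append(c)
        i += 1
    end_ava()
    rdns.append(frozenset(avas))
    return rdns

def issuer_is_ipa_ca(issuer_dn, subject_base):
    """True if issuer_dn equals CN=Certificate Authority,<subject_base> RDN by RDN."""
    return parse_dn(issuer_dn) == parse_dn("CN=Certificate Authority") + parse_dn(subject_base)

# Constructed sample values, not taken from any real deployment.
SUBJECT_BASE = "O=EXAMPLE.COM"
SAMPLE_ISSUERS = ("cn=certificate authority, o=example.com", "CN=Certificate Authority,O=OTHER.TEST")
if __name__ == "__main__":
    for issuer in SAMPLE_ISSUERS:
        print(issuer, "->", issuer_is_ipa_ca(issuer, SUBJECT_BASE))
```

A matching issuer name only shows which CA the certificate names as its issuer; it does not validate the signature chain.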