[Freeipa-devel] [PATCHES 551-552, 623-624] cert: add owner information, allow search by certificate

Pavel Vomacka pvomacka at redhat.com
Tue Jun 21 07:40:47 UTC 2016



On 06/21/2016 08:34 AM, David Kupka wrote:
> On 21/06/16 07:19, Jan Cholasta wrote:
>> On 20.6.2016 15:31, Jan Cholasta wrote:
>>> On 20.6.2016 09:54, Jan Cholasta wrote:
>>>> On 15.6.2016 12:33, Jan Cholasta wrote:
>>>>> On 14.6.2016 11:44, Jan Cholasta wrote:
>>>>>> On 21.4.2016 09:11, Jan Cholasta wrote:
>>>>>>> On 6.4.2016 15:46, Pavel Vomacka wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>> On 03/16/2016 01:50 PM, Jan Cholasta wrote:
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> the attached patches implement the server-side part of
>>>>>>>>> <https://fedorahosted.org/freeipa/ticket/5381>.
>>>>>>>>>
>>>>>>>>> Honza
>>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> thank you for the patches. I tested them and they work well. But I
>>>>>>>> would like to ask you whether it would be possible to extend the
>>>>>>>> response of the 'basecert_find' method and probably also the
>>>>>>>> 'basecert_show' response. I am thinking of this information:
>>>>>>>>
>>>>>>>> 1) information whether the certificate is issued by our CA or not.
>>>>>>>
>>>>>>> You can check for that by comparing the issuer name of the
>>>>>>> certificate to "CN=Certificate Authority,$SUBJECT_BASE". You can
>>>>>>> get the subject base from config-show.
>>>>>>>
>>>>>>>>
>>>>>>>> 2) this probably wouldn't be possible (as we discussed), but I
>>>>>>>> would rather write it too - the information about the revocation
>>>>>>>> reason. The same as 'cert_show' provides.
>>>>>>>
>>>>>>> Added --check-revocation flag to request this information.
>>>>>>> Currently it works only on certificates issued by our CA.
>>>>>>>
>>>>>>>>
>>>>>>>> 3) MD5 and SHA1 fingerprints as the 'cert_show' method returns
>>>>>>>
>>>>>>> Added, also included SHA-256.
>>>>>>>
>>>>>>>>
>>>>>>>> Thank you again.
>>>>>>>
>>>>>>> Updated patches attached.
>>>>>>
>>>>>> Updated and rebased patches attached. Requires Fraser's sub-CA
>>>>>> patches.
>>>>>
>>>>> Attaching updated patch 623, which fixes these issues found by David:
>>>>> <https://paste.fedoraproject.org/378997/65913663/>.
>>>>
>>>> Updated and rebased patches attached.
>>>
>>> Attaching updated patches 552 and 623, which fix the --sizelimit option.
>>
>> Updated and rebased patches attached. The --revocation-reason option now
>> works as expected.
>>
>>
>>
>
> Hello!
>
> Thanks for the patch set. Code looks good to me and works as expected.
> Pavel will test it with WebUI and then we can hopefully push it.
>
Hello,

Thank you for the patches. Works as expected also in WebUI, so we can push it.

--
Pavel^3 Vomacka
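
The issuer check suggested in the quoted reply (compare the certificate's issuer name to "CN=Certificate Authority,$SUBJECT_BASE"), written out as an added example; it is not code from the patches or from FreeIPA. The function names, the string-form DN input and the sample subject base `O=EXAMPLE.TEST` are assumptions made for illustration.

```python
import re

CA_RDN = "CN=Certificate Authority"  # leading RDN quoted in the thread


def parse_dn(dn):
    """Parse an RFC 4514 DN string into a list of normalized (type, value) RDNs.

    Backslash escapes are honoured so an escaped comma stays inside its value.
    Multi-valued RDNs ('+') are kept as one value string, and hex escapes
    above 0x7F are rejected (simplifications assumed for this example).
    """
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            pair = dn[i + 1:i + 3]
            if re.fullmatch(r"[0-9A-Fa-f]{2}", pair):
                code = int(pair, 16)
                if code > 0x7F:
                    raise ValueError("non-ASCII hex escape not supported")
                buf.append(chr(code))
                i += 3
            else:
                buf.append(dn[i + 1])
                i += 2
            continue
        if ch == ",":            # unescaped comma ends the current RDN
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf))
    parsed = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip():
            raise ValueError("malformed RDN: %r" % rdn)
        # Attribute types are case-insensitive; values are compared
        # case-insensitively with whitespace runs collapsed.
        value = re.sub(r"\s+", " ", value.strip()).casefold()
        parsed.append((attr.strip().upper(), value))
    return parsed


def issued_by_ipa_ca(issuer_dn, subject_base):
    """True if issuer_dn equals CN=Certificate Authority,<subject_base>."""
    return parse_dn(issuer_dn) == parse_dn(CA_RDN + "," + subject_base)
```

A matching issuer name only shows which CA the certificate claims; trusting the certificate still requires validating its signature against the CA certificate.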



