[Freeipa-devel] [PATCHES 551-552, 623-624] cert: add owner information, allow search by certificate

Jan Cholasta jcholast at redhat.com
Tue Jun 21 07:45:51 UTC 2016


On 21.6.2016 09:40, Pavel Vomacka wrote:
>
>
> On 06/21/2016 08:34 AM, David Kupka wrote:
>> On 21/06/16 07:19, Jan Cholasta wrote:
>>> On 20.6.2016 15:31, Jan Cholasta wrote:
>>>> On 20.6.2016 09:54, Jan Cholasta wrote:
>>>>> On 15.6.2016 12:33, Jan Cholasta wrote:
>>>>>> On 14.6.2016 11:44, Jan Cholasta wrote:
>>>>>>> On 21.4.2016 09:11, Jan Cholasta wrote:
>>>>>>>> On 6.4.2016 15:46, Pavel Vomacka wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 03/16/2016 01:50 PM, Jan Cholasta wrote:
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> the attached patches implement the server-side part of
>>>>>>>>>> <https://fedorahosted.org/freeipa/ticket/5381>.
>>>>>>>>>>
>>>>>>>>>> Honza
>>>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> thank you for the patches. I tested them and they work well. But I would
>>>>>>>>> like to ask you whether it would be possible to extend the response of the
>>>>>>>>> 'basecert_find' method and probably also the 'basecert_show' response. I
>>>>>>>>> am thinking of this information:
>>>>>>>>>
>>>>>>>>> 1) information whether the certificate is issued by our CA or not.
>>>>>>>>
>>>>>>>> You can check for that by comparing the issuer name of the certificate
>>>>>>>> to "CN=Certificate Authority,$SUBJECT_BASE". You can get subject base
>>>>>>>> from config-show.
>>>>>>>>
>>>>>>>>>
>>>>>>>>> 2) this probably wouldn't be possible (as we discussed), but I'd rather
>>>>>>>>> write it too - the information about the revocation reason. The same as
>>>>>>>>> 'cert_show' provides.
>>>>>>>>
>>>>>>>> Added --check-revocation flag to request this information. Currently it
>>>>>>>> works only on certificates issued by our CA.
>>>>>>>>
>>>>>>>>>
>>>>>>>>> 3) MD5 and SHA1 fingerprints as the 'cert_show' method returns
>>>>>>>>
>>>>>>>> Added, also included SHA-256.
>>>>>>>>
>>>>>>>>>
>>>>>>>>> Thank you again.
>>>>>>>>
>>>>>>>> Updated patches attached.
>>>>>>>
>>>>>>> Updated and rebased patches attached. Requires Fraser's sub-CA patches.
>>>>>>
>>>>>> Attaching updated patch 623, which fixes these issues found by David:
>>>>>> <https://paste.fedoraproject.org/378997/65913663/>.
>>>>>
>>>>> Updated and rebased patches attached.
>>>>
>>>> Attaching updated patches 552 and 623, which fix the --sizelimit option.
>>>
>>> Updated and rebased patches attached. The --revocation-reason option now
>>> works as expected.
>>>
>>>
>>>
>>
>> Hello!
>>
>> Thanks for the patch set. The code looks good to me and works as expected.
>> Pavel will test it with WebUI and then we can hopefully push it.
>>
> Hello,
>
> Thank you for the patches. Works as expected also in WebUI, so we can push it.

The word you are looking for is "ACK" ;-)

Thanks, pushed to master: b00dbca98fee86f0c7584f1f37db376db9a57566

-- 
Jan Cholasta
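
The issuer check suggested earlier in the thread (compare the issuer name to "CN=Certificate Authority,$SUBJECT_BASE"), as an added example that is not part of the original mail or of the FreeIPA patches. It compares parsed DNs rather than raw strings so that case and spacing differences do not cause false negatives, and a match only identifies the claimed issuer; it does not verify the certificate's signature. The function names and the O=EXAMPLE.TEST subject base are assumptions made for illustration.

```python
# Added example: compare a certificate's issuer DN with the IPA CA DN
# "CN=Certificate Authority,$SUBJECT_BASE" named in the thread.
CA_RDN = "CN=Certificate Authority"

def split_rdns(dn):
    """Split an RFC 4514 DN string on commas that are not backslash-escaped."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return parts

def normalize_dn(dn):
    """Return a tuple of (TYPE, value) pairs, ignoring case and extra spaces."""
    pairs = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().upper(), " ".join(value.split()).casefold()))
    return tuple(pairs)

def issuer_is_ipa_ca(issuer_dn, subject_base):
    """True if issuer_dn names the IPA CA for the given subject base."""
    return normalize_dn(issuer_dn) == normalize_dn(f"{CA_RDN},{subject_base}")

# Constructed sample values; O=EXAMPLE.TEST stands in for the subject base
# that config-show reports on a real deployment.
SUBJECT_BASE = "O=EXAMPLE.TEST"
SAMPLES = [
    "CN=Certificate Authority,O=EXAMPLE.TEST",
    "cn=certificate authority, o=example.test",
    "CN=Certificate Authority,O=OTHER.TEST",
    "CN=Certificate Authority\\,O=EXAMPLE.TEST",  # escaped comma: one RDN
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print(f"{dn!r}: {issuer_is_ipa_ca(dn, SUBJECT_BASE)}")
```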



