<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">ACK<br>
<br>
On 09/25/14 09:19, Christina Fu wrote:<br>
</div>
<blockquote cite="mid:5424408A.7050903@redhat.com" type="cite">This
patch is for ticket:
<br>
<a class="moz-txt-link-freetext" href="https://fedorahosted.org/pki/ticket/1110">https://fedorahosted.org/pki/ticket/1110</a> - pkispawn
(configuration) does not provide CA extensions in subordinate
certificate signing requests (CSR)
<br>
<br>
It was agreed upon that this patch just needs to provide the bare
essential to do the job without anything fancy.
<br>
<br>
As a result, four new pkispawn configuration parameters are
introduced with the following default:
<br>
pki_req_ext_add=False
<br>
pki_req_ext_oid=1.3.6.1.4.1.311.20.2
<br>
pki_req_ext_critical=False
<br>
pki_req_ext_data=1E0A00530075006200430041
<br>
<br>
where pki_req_ext_add controls whether this extra request
extension is to be added or not to the csr of a CA signing cert
(by default it's False). It is available only for the "external
CA" case, and only one such extension can be added.
<br>
<br>
There is a potential that in the future we could make this
extension available for all cert requests and in multiple.
However, it is not a goal at this time for the purpose of this
patch. When the need arises, we will file a separate ticket for
it.
<br>
<br>
Thanks,
<br>
Christina
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Pki-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Pki-devel@redhat.com">Pki-devel@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pki-devel">https://www.redhat.com/mailman/listinfo/pki-devel</a></pre>
</blockquote>
<br>
</body>
</html>