<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>pushed to master:</p>
<p>commit <a class="changeset"
href="https://fedorahosted.org/pki/changeset/e00a28fcdc3e8fea920c85563a3ab26b123dda2d/"
title="Ticket #2496 Cert/Key recovery is successful when the
cert serial number ...">e00a28fcdc3e8fea920c85563a3ab26b123dda2d</a>
<br>
</p>
<p>thanks!</p>
<p>Christina<br>
</p>
<br>
<div class="moz-cite-prefix">On 10/07/2016 11:19 AM, John Magne
wrote:<br>
</div>
<blockquote
cite="mid:966405371.1472022.1475864347430.JavaMail.zimbra@redhat.com"
type="cite">
<pre wrap="">ACK
One minor issue:
The explaining text in the CS.cfg is incorrect. It has the meaning
of the new flag reverse to what is intended:
When recovering by keyid: externalReg.recover.byKeyID=false
+externalReg._024=# - keyid in record indicates actual recovery;
+externalReg._025=# e.g. (certstoadd: 36,ca1,5,kra1)
+externalReg._026=# - missing of which means retention;
+externalReg._027=# e.g. (certstoadd: 36,ca1)
+externalReg._028=# When recovering by cert: externalReg.recover.byKeyID=true
+externalReg._029=# - keyid field needs to be present
+externalReg._030=# but the value is not relevant and will be ignored
+externalReg._031=# (a "0" would be fine)
+externalReg._032=# e.g. (certstoadd: 36,ca1,0,kra1)
+externalReg._033=# - missing of keyid still means retention;
+externalReg._034=# e.g. (certstoadd: 36,ca1)
false and true for byKeID is switched.
Also, since there is a small chance of impact to certain external reg features, such as retention,
it might make sense to recommend a quick sanity test of the external reg feature after this.
In the future we might want to more strongly discourage the keyid pathway.
----- Original Message -----
</pre>
<blockquote type="cite">
<pre wrap="">From: "Christina Fu" <a class="moz-txt-link-rfc2396E" href="mailto:cfu@redhat.com"><cfu@redhat.com></a>
To: <a class="moz-txt-link-abbreviated" href="mailto:pki-devel@redhat.com">pki-devel@redhat.com</a>
Sent: Thursday, October 6, 2016 2:18:49 PM
Subject: [Pki-devel] [PATCH] pki-cfu-0153-Ticket-2496-Cert-Key-recovery-is-successful-when-the.patch
Attached please find the patch for
<a class="moz-txt-link-freetext" href="https://fedorahosted.org/pki/ticket/2496">https://fedorahosted.org/pki/ticket/2496</a> Cert/Key recovery is successful
when the cert serial number and key id on the ldap user mismatches
Description is in patch summary.
thanks,
Christina
_______________________________________________
Pki-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Pki-devel@redhat.com">Pki-devel@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pki-devel">https://www.redhat.com/mailman/listinfo/pki-devel</a>
</pre>
</blockquote>
</blockquote>
<br>
</body>
</html>