[Freeipa-devel] [PATCH] 240 Better cert nickname handling
Jason Gerard DeRose
jderose at redhat.com
Thu Jul 23 19:54:19 UTC 2009
On Thu, 2009-07-23 at 12:25 -0400, Rob Crittenden wrote:
> A few issues were found in the way we identify the root cert to trust
> when importing PKCS#12 files. The regex was not specific enough and
> there is no need to explicitly trust root CAs that are built into NSS.
>
> I also did a little bit of code cleanup to add logging and remove an
> unused import.
>
> And finally, I added a bit of code that should help a basic install on
> Fedora 11. The certutil on Fedora 11 doesn't return untrusted CAs in its
> -O output. This will fix the self-signed IPA default CA case anway.
>
> If acked I'll push a similar patch to the 1-2 branch as well. We lack
> the self-signed CA awareness so I'm not sure how I'm going to tackle
> that yet but I suspect that I'll simply make it the default if no CA is
> found (along with a log entry saying so).
>
> rob
ack. pushed to master.
More information about the Freeipa-devel
mailing list