[Freeipa-devel] [RFE] CA-less install

John Dennis jdennis at redhat.com
Wed Mar 27 15:40:08 UTC 2013


On 03/27/2013 11:23 AM, Petr Viktorin wrote:
> I don't want to check the subject because this RFE was prompted by IPA's
> normal CA rejecting valid wildcard certs. Is there a reasonable way to
> ask NSS if it will trust the cert?

Yes. NSS provides a variety of tools to test validation.

Going just on memory here, our current version of python-nss has a 
simple call to test validation. Sometime in the last year I added a fair 
amount of new support for certificate validation including getting back 
diagnostic information for validation failures; however, if I recall
correctly, the extended functionality in python-nss has not been released
yet.

Finding time to work on python-nss has been a problem. This is further 
complicated by the fact Mozilla has changed from CVS to Mercurial while 
I had this code in development and I haven't moved over to the new 
distributed SCM yet.


-- 
John Dennis <jdennis at redhat.com>
