[Freeipa-devel] [PATCH] 315 Convert external CA chain to PKCS#7 before passing it to pkispawn
Jan Cholasta
jcholast at redhat.com
Fri Aug 8 09:50:51 UTC 2014
Dne 8.8.2014 v 11:20 Martin Kosek napsal(a):
> On 08/08/2014 10:55 AM, Jan Cholasta wrote:
>> Hi,
>>
>> the attached patch fixes <https://fedorahosted.org/freeipa/ticket/4397>.
>>
>> Honza
>
> Thanks! I did not test, just have couple questions/suggestions:
>
> 1) Are we testing that the certificate is in proper format, e.g. is not PKCS7
> already? We need to error out properly then
Yes, in ipa-server-install.
>
> 2) Are ipa-server-install --help options as informative as possible?
> --external-ca installation is tricky, we need to make sure that is no doubt
> about what the input is.
I amended them a little bit.
>
> 3) We may want to add instructions how to convert PKCS#7 -> PEM to "man
> ipa-server-install" too.
Added.
>
> Martin
>
Updated patch attached.
--
Jan Cholasta
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-315.1-Convert-external-CA-chain-to-PKCS-7-before-passing-i.patch
Type: text/x-patch
Size: 4320 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140808/9220b010/attachment.bin>
More information about the Freeipa-devel
mailing list