[Freeipa-devel] [PATCHES 551-552] ipalib: add basecert plugins
Jan Cholasta
jcholast at redhat.com
Thu Apr 21 07:11:34 UTC 2016
On 6.4.2016 15:46, Pavel Vomacka wrote:
>
>
> On 03/16/2016 01:50 PM, Jan Cholasta wrote:
>> Hi,
>>
>> the attached patches implement the server-side part of
>> <https://fedorahosted.org/freeipa/ticket/5381>.
>>
>> Honza
>>
> Hi,
>
> thank you for the patches. I tested them and they work well. But I would
> like to ask you whether would be possible to extend the response of
> 'basecert_find' method and probably also 'basecert_show' response. I
> think of these information:
>
> 1) information whether the certificate is issued by our CA or not.
You can check for that by comparing the issuer name of the certificate
to "CN=Certificate Authority,$SUBJECT_BASE". You can get subject base
from config-show.
>
> 2) this probably wouldn't be possible (as we discussed), but I rather
> write it too - the information about revocation reason. The same as the
> 'cert_show' provides.
Added --check-revocation flag to request this information. Currently it
works only on certificates issued by our CA.
>
> 3) MD5 and SHA1 fingerprints as the 'cert_show' method returns
Added, also included SHA-256.
>
> Thank you again.
Updated patches attached.
--
Jan Cholasta
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-551.1-ldap-fix-handling-of-binary-data-in-search-filters.patch
Type: text/x-patch
Size: 1201 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160421/4af84e06/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-552.1-api-add-basecert-plugins.patch
Type: text/x-patch
Size: 20482 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160421/4af84e06/attachment-0001.bin>
More information about the Freeipa-devel
mailing list