[Freeipa-devel] [PATCH] 0097 Add options to write lightweight CA cert or chain to file
Alexander Bokovoy
abokovoy at redhat.com
Mon Aug 8 07:24:50 UTC 2016
On Mon, 08 Aug 2016, Fraser Tweedale wrote:
>On Mon, Aug 08, 2016 at 08:54:05AM +0200, Jan Cholasta wrote:
>> Hi,
>>
>> On 8.8.2016 06:34, Fraser Tweedale wrote:
>> > Please review the attached patch with adds --certificate-out and
>> > --certificate-chain-out options to `ca-show' command.
>> >
>> > Note that --certificate-chain-out currently writes a bogus file due
>> > to a bug in Dogtag that will be fixed in this week's build.
>> >
>> > https://fedorahosted.org/freeipa/ticket/6178
>>
>> 1) The client-side *-out options should be defined on the client side, not
>> on the server side.
>>
>Will option defined on client side be propagated to, and observable
>in the ipaserver plugin? The ipaserver plugin needs to observe that
>*-out has been requested and executes additional command(s) on that
>basis.
You define Str() 'out' option on the server side -- this is what
server side will see if --out option would be specified on the client
side. Then on the client side you would override forward() method and
check if 'out' is in options, then do write to the file.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list