[Freeipa-devel] [freeipa PR#228][comment] cert-request: allow directoryName in SAN extension
tomaskrizek
freeipa-github-notification at redhat.com
Wed Nov 30 09:28:30 UTC 2016
URL: https://github.com/freeipa/freeipa/pull/228
Title: #228: cert-request: allow directoryName in SAN extension
tomaskrizek commented:
"""
@frasertweedale Oh, I didn't realize the DN in SAN matches the LDAP DN, while the Subject DN does not.
In that case, this PR makes sense to me as is. I also don't see the need to validate Subject DN and SAN DN differently, since they use different representation (subject is a more generic identifier, as @tiran pointed out; while SAN DN should be the unique LDAP DN identifier).
"""
See the full comment at https://github.com/freeipa/freeipa/pull/228#issuecomment-263550747
More information about the Freeipa-devel
mailing list