[Freeipa-devel] [freeipa PR#542][opened] Implementation independent interface for CSR generation

[LiptonB]

   URL: https://github.com/freeipa/freeipa/pull/542
Author: LiptonB
 Title: #542: Implementation independent interface for CSR generation
Action: opened

PR body:
"""
@HonzaCholasta and everyone, here is where I am so far on the [CertificationRequestInfo-based interface for CSR generation](https://www.redhat.com/archives/freeipa-devel/2017-February/msg00104.html).

As I see it, there are a few rough edges still, so I'd like to get your opinion, especially about these things:
- For feeding to `build_requestinfo` we want a config file, not a script, so I needed to add another formatter/helper that omits the bash code that's there for other helpers.
- While openssl has a library function for creating cert extensions from the config file format, the logic for creating the subject name from the config format is implemented within the `openssl req` command rather than the library. In `build_requestinfo` I copied [the code from certmonger](https://pagure.io/certmonger/blob/master/f/src/csrgen-o.c#_193-223) that creates the subject name, which takes a simpler format. So the new formatter is called "certmonger" and uses that format.
- I'm not sure where in the freeipa project the code for `build_requestinfo` should go, how to work it into the build process, and where it should be installed. Right now I just have a TODO to do so. Or did you mean for that code to be run via CFFI as well?
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/542/head:pr542
git checkout pr542
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pr-542.patch
Type: text/x-diff
Size: 20912 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20170306/35bc97ae/attachment.bin>