[Freeipa-users] Reports and questions
John Dennis
jdennis at redhat.com
Mon May 3 17:51:06 UTC 2010
On 05/03/2010 01:23 PM, Rob Crittenden wrote:
> Marc Schlinger wrote:
>> p.s: I really had problems without the ia5string stuff. I'm not crazy!
>> am I?
>
> I don't think so, I just didn't run into it myself. It could be because
> you use openssl to create the CSR and I used the NSS tools. Or it could
> be because your locale is different, or the phase of the moon, who knows
> :-) The pyasn1 guys have a code comment questioning why ia5string is
> needed as well: # hm, this should not be here!? XXX If we're going to
> get requests with ia5strings I'm ok with adding support to the parser.
>
> The reason I asked for the cert sample was so I would be able to test
> the fix end-to-end, and perhaps incorporate it into our test suite.
I would hold off making any fixes to the parser you wrote. I've got an
update to python-nss coming soon which fully supports certificate
loading, decoding and inspection using NSS entry points. It properly (or
so I hope) handles all the variants (which are numerous) including
ia5string.
We should converge on using NSS for everything, the update will get us a
lot closer to that goal.
--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list