[Pki-devel] [PATCH] 2-3 Copy ExtendedKeyUsage from signing request
Christina Fu
cfu at redhat.com
Tue Jun 24 15:33:02 UTC 2014
I have replied to your original email. Please let us know whether you
have tried the existing method I suggested in the email and what the
result was.
thanks,
Christina
On 06/17/2014 10:54 PM, Fraser Tweedale wrote:
> On Mon, Jun 16, 2014 at 05:57:03PM +1000, Fraser Tweedale wrote:
>> Hi all,
>>
>> These patches implement support for copying the ExtendedKeyUsage
>> extension from a signing request to the certificate, addressing
>> https://fedorahosted.org/freeipa/ticket/2915.
>>
>> My email from a few days ago goes into a bit more detail and puts
>> forward the question of whether this is even a reasonable approach
>> to solving #2915. Since I haven't yet received any feedback I
>> figured I'd go ahead and publish the patches.
>>
>>
>> Patch 0002:
>>
>> Add appropriate ExtendedKeyUsage constraints to all profiles that
>> support this extension. To check that none were missed:
>>
>> $ ag -l extendedKeyUsageExtDefaultImpl \
>> | xargs ag -L extendedKeyUsageExtConstraintImpl
>>
>> Patch 0003:
>>
>> The actual fix: EKU extension is copied from signing request, or the
>> default is used when the extension does not appear in the request.
> New patch versions; fixed commit author (hadn't changed .gitconfig
> from personal email address :). Rebased also, but no other changes.
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20140624/8a244b57/attachment.htm>
More information about the Pki-devel
mailing list