[Pki-devel] [PATCH] 236 - fix installation of subca with own security domain

Ade Lee alee at redhat.com
Wed Oct 1 16:11:38 UTC 2014


New version attached with Endi's suggested changes.

Please review,
Thanks.
Ade

On Tue, 2014-09-30 at 11:27 -0400, Ade Lee wrote:
> Revised patch attached.
> 
> In the last patch, I had added code that would have registered the subCA
> as a member of the super-CA security domain.  This introduced a problem
> in removing that entry from the super-CA when the system was
> pkidestroyed.  It also changes the existing behavior and is not the
> right thing to do.
> 
> This patch corrects all that, and thereby resolves the pkidestroy
> problem.
> 
> Please review,
> Ade
> 
> On Mon, 2014-09-29 at 13:20 -0400, Ade Lee wrote:
> > This fixes issue 1132 and allows pkispawn to successfully install a
> > subCA that hosts its own security domain.
> > 
> > This was, in retrospect, a lot harder than I thought it was going to be.
> > Prior to this patch, we simply did not support this configuration with
> > pkispawn.
> > 
> > Two new parameters are introduced:
> > pki_subordinate_create_new_security_domain=False
> > pki_subordinate_security_domain_name=%(pki_dns_domainname)s Subordinate Security Domain
> > 
> > See man pages for correct usage.
> > 
> > There is only one issue left.  When removing the subca using pkidestroy,
> > removing the entry from the master security domain currently fails due
> > to authentication.  I'll fix that in the next patch.
> > 
> > This is tricky stuff so please review carefully.
> >  
> > Thanks.
> > Ade
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0236-2-Fix-sub-CA-installation-with-own-security-domain.patch
Type: text/x-patch
Size: 28988 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20141001/3290ce97/attachment.bin>

