[Pki-devel] [PATCH] pki-cfu-0037-ticket-1110-pkispawn-configuration-does-not-provide-.patch

Christina Fu cfu at redhat.com
Thu Sep 25 21:33:13 UTC 2014 

pushed to both master and DOGTAG_10_1_BRANCH

master:
commit ee33bb2a90a183b9d5552c6ac193e9d8958a3974 
<https://fedorahosted.org/pki/changeset/ee33bb2a90a183b9d5552c6ac193e9d8958a3974/>

DOGTAG_10_1_BRANCH:
commit 7da4d9802f058f2f78777928c7e259578ad6daef 
<https://fedorahosted.org/pki/changeset/7da4d9802f058f2f78777928c7e259578ad6daef/>

Christina

On 09/25/2014 10:04 AM, Matthew Harmsen wrote:
> ACK
>
> On 09/25/14 09:19, Christina Fu wrote:
>> This patch is for ticket:
>> https://fedorahosted.org/pki/ticket/1110 - pkispawn (configuration) 
>> does not provide CA extensions in subordinate certificate signing 
>> requests (CSR)
>>
>> It was agreed upon that this patch just needs to provide the bare 
>> essential to do the job without anything fancy.
>>
>> As a result, four new pkispawn configuration parameters are 
>> introduced with the following default:
>> pki_req_ext_add=False
>> pki_req_ext_oid=1.3.6.1.4.1.311.20.2
>> pki_req_ext_critical=False
>> pki_req_ext_data=1E0A00530075006200430041
>>
>> where pki_req_ext_add controls whether this extra request extension 
>> is to be added or not to the csr of a CA signing cert (by default 
>> it's False).  It is available only for the "external CA" case, and 
>> only one such extension can be added.
>>
>> There is a potential that in the future we could make this extension 
>> available for all cert requests and in multiple. However, it is not a 
>> goal at this time for the purpose of this patch.  When the need 
>> arises, we will file a separate ticket for it.
>>
>> Thanks,
>> Christina
>>
>>
>> _______________________________________________
>> Pki-devel mailing list
>> Pki-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-devel
>
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20140925/e94e4289/attachment.htm>

More information about the Pki-devel mailing list