[Pki-devel] [PATCH] pki-cfu-0037-ticket-1110-pkispawn-configuration-does-not-provide-.patch
Christina Fu
cfu at redhat.com
Thu Sep 25 21:33:13 UTC 2014
pushed to both master and DOGTAG_10_1_BRANCH
master:
commit ee33bb2a90a183b9d5552c6ac193e9d8958a3974
<https://fedorahosted.org/pki/changeset/ee33bb2a90a183b9d5552c6ac193e9d8958a3974/>
DOGTAG_10_1_BRANCH:
commit 7da4d9802f058f2f78777928c7e259578ad6daef
<https://fedorahosted.org/pki/changeset/7da4d9802f058f2f78777928c7e259578ad6daef/>
Christina
On 09/25/2014 10:04 AM, Matthew Harmsen wrote:
> ACK
>
> On 09/25/14 09:19, Christina Fu wrote:
>> This patch is for ticket:
>> https://fedorahosted.org/pki/ticket/1110 - pkispawn (configuration)
>> does not provide CA extensions in subordinate certificate signing
>> requests (CSR)
>>
>> It was agreed upon that this patch just needs to provide the bare
>> essential to do the job without anything fancy.
>>
>> As a result, four new pkispawn configuration parameters are
>> introduced with the following default:
>> pki_req_ext_add=False
>> pki_req_ext_oid=1.3.6.1.4.1.311.20.2
>> pki_req_ext_critical=False
>> pki_req_ext_data=1E0A00530075006200430041
>>
>> where pki_req_ext_add controls whether this extra request extension
>> is to be added or not to the csr of a CA signing cert (by default
>> it's False). It is available only for the "external CA" case, and
>> only one such extension can be added.
>>
>> There is a potential that in the future we could make this extension
>> available for all cert requests and in multiple. However, it is not a
>> goal at this time for the purpose of this patch. When the need
>> arises, we will file a separate ticket for it.
>>
>> Thanks,
>> Christina
>>
>>
>> _______________________________________________
>> Pki-devel mailing list
>> Pki-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-devel
>
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20140925/e94e4289/attachment.htm>
More information about the Pki-devel
mailing list