[Pki-devel] [PATCH] pki-cfu-0037-ticket-1110-pkispawn-configuration-does-not-provide-.patch

Christina Fu cfu at redhat.com
Thu Sep 25 16:19:22 UTC 2014


This patch is for ticket:
https://fedorahosted.org/pki/ticket/1110 - pkispawn (configuration) does 
not provide CA extensions in subordinate certificate signing requests (CSR)

It was agreed upon that this patch just needs to provide the bare 
essentials to do the job without anything fancy.

As a result, four new pkispawn configuration parameters are introduced 
with the following defaults:
pki_req_ext_add=False
pki_req_ext_oid=1.3.6.1.4.1.311.20.2
pki_req_ext_critical=False
pki_req_ext_data=1E0A00530075006200430041

where pki_req_ext_add controls whether this extra request extension is 
to be added or not to the CSR of a CA signing cert (by default it's 
False).  It is available only for the "external CA" case, and only one 
such extension can be added.

There is a potential that in the future we could make this extension 
available for all cert requests and in multiple.  However, it is not a 
goal at this time for the purpose of this patch.  When the need arises, 
we will file a separate ticket for it.

Thanks,
Christina
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-cfu-0037-ticket-1110-pkispawn-configuration-does-not-provide-.patch
Type: text/x-patch
Size: 19042 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20140925/358ab329/attachment.bin>
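
The default pki_req_ext_data above is a hex-encoded DER value: tag 0x1E (BMPString), length 0x0A, then the UTF-16BE bytes of "SubCA". The following is an added example, not part of the post or the attached patch, for checking such a value before it goes into a pkispawn configuration; the function names and the set of supported string tags are assumptions of this sketch.

```python
import binascii

# Universal ASN.1 string tags this sketch understands (assumption: enough for
# values shaped like the default quoted in the message above).
STRING_TAGS = {0x0C: ("UTF8String", "utf-8"),
               0x13: ("PrintableString", "ascii"),
               0x16: ("IA5String", "ascii"),
               0x1E: ("BMPString", "utf-16-be")}


def decode_ext_data(hex_value):
    """Parse exactly one DER TLV from a hex string; return (type_name, text)."""
    der = binascii.unhexlify(hex_value)   # raises ValueError on bad hex
    if len(der) < 2:
        raise ValueError("too short for a DER TLV")
    tag, first = der[0], der[1]
    if first < 0x80:                      # short-form length
        length, offset = first, 2
    else:                                 # long-form length
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("bad long-form length")
        length = int.from_bytes(der[2:2 + n], "big")
        offset = 2 + n
    body = der[offset:]
    if len(body) != length:               # catches truncation and trailing bytes
        raise ValueError("length %d != %d content bytes" % (length, len(body)))
    if tag not in STRING_TAGS:
        raise ValueError("unsupported tag 0x%02X" % tag)
    name, codec = STRING_TAGS[tag]
    if tag == 0x1E and length % 2:
        raise ValueError("BMPString needs an even byte count")
    return name, body.decode(codec)


def encode_bmpstring(text):
    """Build the hex DER BMPString for text (short-form lengths only)."""
    if any(ord(ch) > 0xFFFF for ch in text):
        raise ValueError("BMPString cannot hold characters above U+FFFF")
    body = text.encode("utf-16-be")
    if len(body) > 127:
        raise ValueError("sketch handles short-form lengths only")
    return binascii.hexlify(bytes([0x1E, len(body)]) + body).decode().upper()


if __name__ == "__main__":
    print(decode_ext_data("1E0A00530075006200430041"))
```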

