[Pki-devel] [PATCH] pki-cfu-0037-ticket-1110-pkispawn-configuration-does-not-provide-.patch
Matthew Harmsen
mharmsen at redhat.com
Thu Sep 25 17:04:51 UTC 2014
ACK
On 09/25/14 09:19, Christina Fu wrote:
> This patch is for ticket:
> https://fedorahosted.org/pki/ticket/1110 - pkispawn (configuration)
> does not provide CA extensions in subordinate certificate signing
> requests (CSR)
>
> It was agreed upon that this patch just needs to provide the bare
> essential to do the job without anything fancy.
>
> As a result, four new pkispawn configuration parameters are introduced
> with the following default:
> pki_req_ext_add=False
> pki_req_ext_oid=1.3.6.1.4.1.311.20.2
> pki_req_ext_critical=False
> pki_req_ext_data=1E0A00530075006200430041
>
> where pki_req_ext_add controls whether this extra request extension is
> to be added or not to the csr of a CA signing cert (by default it's
> False). It is available only for the "external CA" case, and only one
> such extension can be added.
>
> There is a potential that in the future we could make this extension
> available for all cert requests and in multiple. However, it is not a
> goal at this time for the purpose of this patch. When the need
> arises, we will file a separate ticket for it.
>
> Thanks,
> Christina
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20140925/41c27516/attachment.htm>
More information about the Pki-devel
mailing list