[Pki-devel] [PATCH] 236 - fix installation of subca with own security domain

Ade Lee alee at redhat.com
Tue Sep 30 15:27:21 UTC 2014


Revised patch attached.

In the last patch, I had added code that would have registered the subCA
as a member of the super-CA security domain.  This introduced a problem
in removing that entry from the super-CA when the system was
pkidestroyed.  It also changes the existing behavior and is not the
right thing to do.

This patch corrects all that, and thereby resolves the pkidestroy
problem.

Please review,
Ade

On Mon, 2014-09-29 at 13:20 -0400, Ade Lee wrote:
> This fixes issue 1132 and allows pkispawn to successfully install a
> subCA that hosts its own security domain.
> 
> This was, in retrospect, a lot harder than I thought it was going to be.
> Prior to this patch, we simply did not support this configuration with
> pkispawn.
> 
> Two new parameters are introduced:
> pki_subordinate_create_new_security_domain=False
> pki_subordinate_security_domain_name=%(pki_dns_domainname)s Subordinate Security Domain
> 
> See man pages for correct usage.
> 
> There is only one issue left.  When removing the subca using pkidestroy,
> removing the entry from the master security domain currently fails due
> to authentication.  I'll fix that in the next patch.
> 
> This is tricky stuff so please review carefully.
>  
> Thanks.
> Ade

-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0236-1-Fix-sub-CA-installation-with-own-security-domain.patch
Type: text/x-patch
Size: 28947 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20140930/7b534ff1/attachment.bin>

