[Pki-devel] [PATCH] 008 Wrap CertData.pkcs7_cert_chain in BEGIN/END CERTIFICATE
Ade Lee
alee at redhat.com
Fri Jul 17 20:25:02 UTC 2015
NACK.
Agreed that this is not the right place for this fix. If we fix in
Python client, then Java and Python clients will be inconsistent.
This needs to be fixed on the server.
Ade
On Wed, 2015-07-01 at 14:48 +0200, Christian Heimes wrote:
> Hello,
>
> the patch fixes #1374. It feels wrong to fix the bug in Python space. I
> have addressed my concerns in
> https://fedorahosted.org/pki/ticket/1374#comment:8
>
> According to https://www.openssl.org/docs/apps/pkcs7.html a PEM PKCS7
> message can be wrapped in either BEGIN PKCS7/END PKCS7 or in BEGIN
> CERTIFICATE/END CERTIFICATE. Barbican uses BEGIN CERTIFICATE in the file
>
> https://github.com/openstack/barbican/blob/master/barbican/plugin/dogtag.py.
> Let's do that, too.
>
> A fix for pki.cert.CertData is trivial. However I'm not sure if that is
> the best place to add the wrapping header and footer. It may be a better
> idea to fix it once and for all at the root in
> org.dogtagpki.server.ca.rest.CertService.getCertChainData().
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list