[Pki-devel] [PATCH] 008 Wrap CertData.pkcs7_cert_chain in BEGIN/END CERTIFICATE

Christian Heimes cheimes at redhat.com
Wed Jul 1 12:48:18 UTC 2015


Hello,

the patch fixes #1374. It feels wrong to fix the bug in Python space. I
have addressed my concerns in
https://fedorahosted.org/pki/ticket/1374#comment:8

According to https://www.openssl.org/docs/apps/pkcs7.html a PEM PKCS7
message can be wrapped in either BEGIN PKCS7/END PKCS7 or in BEGIN
CERTIFICATE/END CERTIFICATE. Barbican uses BEGIN CERTIFICATE in the file
https://github.com/openstack/barbican/blob/master/barbican/plugin/dogtag.py.
Let's do that, too.

A fix for pki.cert.CertData is trivial. However I'm not sure if that is
the best place to add the wrapping header and footer. It may be a better
idea to fix it once and for all at the root in
org.dogtagpki.server.ca.rest.CertService.getCertChainData().
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-cheimes-0008-Wrap-CertData.pkcs7_cert_chain-in-BEGIN-END-CERTIFIC.patch
Type: text/x-patch
Size: 1194 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20150701/64db0c2c/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20150701/64db0c2c/attachment.sig>
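
The wrapping discussed in the message above, as an added example; it is not the attached patch and not Dogtag code. The function name `wrap_pkcs7_chain` is hypothetical, and the sketch assumes the chain arrives as bare base64 text. It accepts input already wrapped under either label the mail mentions, so it is safe to apply twice.

```python
import base64
import binascii
import re

# Labels the mail says are both accepted for a PEM PKCS7 message.
ACCEPTED_LABELS = ("PKCS7", "CERTIFICATE")
_PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# Constructed sample: 100 bytes shaped like a DER SEQUENCE, not a real PKCS7 chain.
SAMPLE_DER = bytes([0x30, 0x62]) + bytes(range(98))
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode("ascii")


def wrap_pkcs7_chain(chain, label="CERTIFICATE"):
    """Return `chain` as one PEM block with 64-column base64 lines.

    `chain` may be bare base64 (with or without line breaks) or an
    existing PEM block under an accepted label; anything else is rejected.
    """
    if label not in ACCEPTED_LABELS:
        raise ValueError("unsupported PEM label: %r" % label)
    text = chain.strip()
    match = _PEM_RE.fullmatch(text)
    if match:
        # Already wrapped: keep only the body so the header is not doubled.
        if match.group(1) not in ACCEPTED_LABELS:
            raise ValueError("unexpected PEM label: %r" % match.group(1))
        text = match.group(2)
    compact = "".join(text.split())
    try:
        der = base64.b64decode(compact, validate=True)
    except binascii.Error as exc:
        raise ValueError("chain is not valid base64") from exc
    # A PKCS7 ContentInfo is a DER SEQUENCE, so the first byte must be 0x30.
    if not der or der[0] != 0x30:
        raise ValueError("decoded chain is not a DER SEQUENCE")
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN {0}-----\n{1}\n-----END {0}-----\n".format(
        label, "\n".join(lines))


if __name__ == "__main__":
    print(wrap_pkcs7_chain(SAMPLE_B64), end="")
```
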