[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Pki-devel] [PATCH] 008 Wrap CertData.pkcs7_cert_chain in BEGIN/END CERTIFICATE



NACK.

Agreed that this is not the right place for this fix.  If we fix in
Python client, then Java and Python clients will be inconsistent.
This needs to be fixed on the server.

Ade

On Wed, 2015-07-01 at 14:48 +0200, Christian Heimes wrote:
> Hello,
> 
> the patch fixes #1374. It feels wrong to fix the bug in Python space. I
> have addressed my concerns in
> https://fedorahosted.org/pki/ticket/1374#comment:8
> 
> According to ​https://www.openssl.org/docs/apps/pkcs7.html a PEM PKCS7
> message can be wrapped in either BEGIN PKCS7/END PKCS7 or in BEGIN
> CERTIFICATE/END CERTIFICATE. Barbican uses BEGIN CERTIFICATE in the file
> ​
> https://github.com/openstack/barbican/blob/master/barbican/plugin/dogtag.py.
> Let's do that, too.
> 
> A fix for pki.cert.CertData is trivial. However I'm not sure if that is
> the best place to add the wrapping header and footer. It may be a better
> idea to fix it once and for all at the root in
> org.dogtagpki.server.ca.rest.CertService.getCertChainData().
> _______________________________________________
> Pki-devel mailing list
> Pki-devel redhat com
> https://www.redhat.com/mailman/listinfo/pki-devel



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]