[Pki-devel] [PATCH] 0037-2, 0053 ensure correct CRL contents for host CA

Ade Lee alee at redhat.com
Tue Oct 20 19:59:16 UTC 2015


ACK on 37-2 - and yes, we need an upgrade script for this.

For 53, I have some questions ..

If, prior to the code that creates issuerFilter, filter is blank, 
then with your code, we will end up with:

  filter = (&(issuer_filter))

  which is a filter with an and-operator and only one and-clause. 
  As far as I know, that won't work.

Ade

On Fri, 2015-10-09 at 17:39 +1000, Fraser Tweedale wrote:
> The attached patches fix https://fedorahosted.org/pki/ticket/1626.
> 
> 0037-2: earlier patch to store issuer DN in certificate entries,
> updated to add indices for the 'issuerName' attribute.
> 
> 0053: updates the filter used by CRLIP to find certs to include in
> CRL.
> 
> Note the following limitations:
> 
> 1. No database update in relation to issuerName attribute and
> indices.  If people are otherwise satisfied with the patch, I will
> file a ticket for the database upgrade aspect.
> 
> 2. There is no way to define CRLIP for a lightweight CA.  There is a
> separate ticket for this: https://fedorahosted.org/pki/ticket/1626
> (currently not a priority).
> 
> Cheers,
> Fraser
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
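
One way to sidestep the single-clause case raised in the reply above, as an added example (not part of the patch or of the project's code): emit the and-operator only when more than one clause is present, and escape the issuer DN per RFC 4515 before it goes into the filter. The class name, method names, sample DN and placeholder clause are assumptions; `issuerName` is the attribute named in the thread.

```java
import java.util.ArrayList;
import java.util.List;

public class CrlFilterExample {

    // Escape an assertion value per RFC 4515 so a DN containing
    // '(', ')', '*', '\' or NUL cannot change the filter's structure.
    static String escapeValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Combine clauses with AND, skipping null or blank ones. A single
    // surviving clause is returned bare rather than as "(&(clause))".
    static String and(String... clauses) {
        List<String> kept = new ArrayList<>();
        for (String c : clauses) {
            if (c == null || c.trim().isEmpty()) continue;
            c = c.trim();
            kept.add(c.startsWith("(") ? c : "(" + c + ")");
        }
        if (kept.isEmpty()) return "";
        if (kept.size() == 1) return kept.get(0);
        return "(&" + String.join("", kept) + ")";
    }

    public static void main(String[] args) {
        // Constructed sample issuer DN (hypothetical value).
        String issuer = "(issuerName=" + escapeValue("CN=Host CA (test),O=EXAMPLE") + ")";
        // Blank pre-existing filter: only the issuer clause is emitted.
        System.out.println(and("", issuer));
        // Constructed placeholder standing in for a filter built earlier.
        System.out.println(and("(someAttr=someValue)", issuer));
    }
}
```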



