[Pki-devel] [pki-devel][PATCH] 0086-Resolve-pkispawn-does-not-change-default-ecc-key-siz.patch
John Magne
jmagne at redhat.com
Fri Dec 9 18:42:29 UTC 2016
ACKED, by mharmsen, thanks!
Pushed to master:
commit ae350a3d4e0ae9b82fa44ebdfa37654f0083b4c1
Author: Jack Magne <jmagne at dhcp-16-206.sjc.redhat.com>
Date: Thu Dec 8 16:35:20 2016 -0800
Resolve: pkispawn does not change default ecc key size from nistp256 when nistp384 is specified in spawn config
Ticket #2552.
This fix turned out simple. The client was correctly setting the required data, but it was putting the curveName in the
"keySize" field of the SystemCertData object sent to the back end. The configuration routine was trying to find the name in the "curveName" field when its really in the "keySize" field. This issue is restricted to the ECC case. It is fine to simply fix this in the server, since the "keySize" is a string anyway and it makes decent sense.
Closing ticket #2552
----- Original Message -----
> From: "Matthew Harmsen" <mharmsen at redhat.com>
> To: "John Magne" <jmagne at redhat.com>, "pki-devel" <pki-devel at redhat.com>
> Sent: Thursday, December 8, 2016 5:36:24 PM
> Subject: Re: [Pki-devel] [pki-devel][PATCH] 0086-Resolve-pkispawn-does-not-change-default-ecc-key-siz.patch
>
> On 12/08/2016 05:42 PM, John Magne wrote:
> > Simple patch will provide a fix to this issue.
> >
> >
> > _______________________________________________
> > Pki-devel mailing list
> > Pki-devel at redhat.com
> > https://www.redhat.com/mailman/listinfo/pki-devel
>
> Tested original code to confirm incorrect ECC signing curve; tested
> patched code to confirm correct ECC signing curve.
>
> ACK
>
>
More information about the Pki-devel
mailing list