[Pki-devel] [PATCH] pki-cfu-0153-Ticket-2496-Cert-Key-recovery-is-successful-when-the.patch

Christina Fu cfu at redhat.com
Fri Oct 7 18:57:03 UTC 2016


pushed to master:

commit e00a28fcdc3e8fea920c85563a3ab26b123dda2d 
<https://fedorahosted.org/pki/changeset/e00a28fcdc3e8fea920c85563a3ab26b123dda2d/> 


thanks!

Christina


On 10/07/2016 11:19 AM, John Magne wrote:
> ACK
>
>
> One minor issue:
>
> The explaining text in the CS.cfg is incorrect. It has the meaning
> of the new flag reversed from what is intended:
>
> When recovering by keyid: externalReg.recover.byKeyID=false
> +externalReg._024=#       - keyid in record indicates actual recovery;
> +externalReg._025=#         e.g. (certstoadd: 36,ca1,5,kra1)
> +externalReg._026=#       - missing of which means retention;
> +externalReg._027=#         e.g. (certstoadd: 36,ca1)
> +externalReg._028=#     When recovering by cert: externalReg.recover.byKeyID=true
> +externalReg._029=#       - keyid field needs to be present
> +externalReg._030=#         but the value is not relevant and will be ignored
> +externalReg._031=#         (a "0" would be fine)
> +externalReg._032=#         e.g. (certstoadd: 36,ca1,0,kra1)
> +externalReg._033=#       - missing of keyid still means retention;
> +externalReg._034=#         e.g. (certstoadd: 36,ca1)
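
Review bot: The heading at externalReg._028 pairs "When recovering by cert" with externalReg.recover.byKeyID=true, and the by-keyid case just above it is paired with byKeyID=false, which contradicts the flag's name. Swap the two values so that byKeyID=true heads the keyid case and byKeyID=false heads the cert case. The wording "missing of which means retention" at _026 would also be clearer if it named the keyid explicitly, as _033 does.
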
>
> false and true for byKeyID are switched.
>
>
> Also, since there is a small chance of impact to certain external reg features, such as retention,
> it might make sense to recommend a quick sanity test of the external reg feature after this.
>
> In the future we might want to more strongly discourage the keyid pathway.
>
>
> ----- Original Message -----
>> From: "Christina Fu" <cfu at redhat.com>
>> To: pki-devel at redhat.com
>> Sent: Thursday, October 6, 2016 2:18:49 PM
>> Subject: [Pki-devel] [PATCH] pki-cfu-0153-Ticket-2496-Cert-Key-recovery-is-successful-when-the.patch
>>
>> Attached please find the patch for
>>
>> https://fedorahosted.org/pki/ticket/2496 Cert/Key recovery is successful
>> when the cert serial number and key id on the ldap user mismatches
>>
>> Description is in patch summary.
>>
>> thanks,
>>
>> Christina
>>
>>
