[Pki-devel] [PATCH] Bug-1447080-CC-CMC-allow-enrollment-key-signed-self-.patch

Christina Fu cfu at redhat.com
Tue May 16 18:36:55 UTC 2017


Per discussion with Ade and Endi on an unrelated audit-event-specific 
topic, we decided not to split events into SUCCESS and FAILURE.

This updated patch un-splits the events that I split prior to the 
conversation/decision.

thanks,

Christina


On 05/15/2017 06:29 PM, Christina Fu wrote:
> (pagure ticket is yet to be cloned)
>
> Bug 1447080 - CC: CMC: allow enrollment key signed (self-signed) CMC 
> with identity proof
>
> This patch implements handling of the self-signed CMC requests, where 
> the request is signed by the public key of the underlying request 
> (PKCS#10 or CRMF). This method is used when no signing cert has been 
> issued for the user before; once it is issued, it can be used to sign 
> subsequent cert requests by the same user.
>
> The new enrollment profile introduced is: caFullCMCSelfSignedCert.cfg
>
> The new option introduced to both CRMFPopClient and PKCS10Client is 
> "-y" which will add the required SubjectKeyIdentifier to the 
> underlying request.
>
> When a CMC request is self-signed, no auditSubjectID is available 
> until Identification Proof (v2) is verified; however, the cert subject 
> DN is recorded in the log as soon as it is available, for additional 
> information.
>
> thanks!
>
> Christina

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Tocket2673-CMC-allow-enrollment-key-signed-self-sign.patch
Type: text/x-patch
Size: 152815 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20170516/f58db2b9/attachment.bin>

