URL: https://github.com/freeipa/freeipa/pull/5112 Author: tiran Title: #5112: Check ca_wrapped in ipa-custodia-check Action: opened
PR body: """ ca_wrapped uses Dogtag's pki tool (written in Java) to wrap key material. Add checks to custodia to verify that key wrapping works. Signed-off-by: Christian Heimes <chei...@redhat.com> """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5112/head:pr5112 git checkout pr5112
From c5685a52bee2c073142b2116f9c637a45c53e63d Mon Sep 17 00:00:00 2001 From: Christian Heimes <chei...@redhat.com> Date: Wed, 16 Sep 2020 17:01:29 +0200 Subject: [PATCH] Check ca_wrapped in ipa-custodia-check ca_wrapped uses Dogtag's pki tool (written in Java) to wrap key material. Add checks to custodia to verify that key wrapping works. Signed-off-by: Christian Heimes <chei...@redhat.com> --- install/tools/ipa-custodia-check.in | 2 ++ 1 file changed, 2 insertions(+) diff --git a/install/tools/ipa-custodia-check.in b/install/tools/ipa-custodia-check.in index 5143dc4983..66f8f1d723 100644 --- a/install/tools/ipa-custodia-check.in +++ b/install/tools/ipa-custodia-check.in @@ -49,6 +49,8 @@ KEYS = [ 'dm/DMHash', 'ra/ipaCert', 'ca/auditSigningCert cert-pki-ca', + 'ca_wrapped/auditSigningCert cert-pki-ca', + 'ca_wrapped/auditSigningCert cert-pki-ca/1.2.840.113549.3.7', 'ca/caSigningCert cert-pki-ca', 'ca/ocspSigningCert cert-pki-ca', 'ca/subsystemCert cert-pki-ca',
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org