URL: https://github.com/freeipa/freeipa/pull/5112
Author: tiran
Title: #5112: Check ca_wrapped in ipa-custodia-check
Action: opened
PR body:
"""
ca_wrapped uses Dogtag's pki tool (written in Java) to wrap key
material. Add checks to custodia to verify that key wrapping works.
Signed-off-by: Christian Heimes <chei...@redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5112/head:pr5112
git checkout pr5112
From c5685a52bee2c073142b2116f9c637a45c53e63d Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Wed, 16 Sep 2020 17:01:29 +0200
Subject: [PATCH] Check ca_wrapped in ipa-custodia-check
ca_wrapped uses Dogtag's pki tool (written in Java) to wrap key
material. Add checks to custodia to verify that key wrapping works.
Signed-off-by: Christian Heimes <chei...@redhat.com>
---
install/tools/ipa-custodia-check.in | 2 ++
1 file changed, 2 insertions(+)
diff --git a/install/tools/ipa-custodia-check.in b/install/tools/ipa-custodia-check.in
index 5143dc4983..66f8f1d723 100644
--- a/install/tools/ipa-custodia-check.in
+++ b/install/tools/ipa-custodia-check.in
@@ -49,6 +49,8 @@ KEYS = [
'dm/DMHash',
'ra/ipaCert',
'ca/auditSigningCert cert-pki-ca',
+ 'ca_wrapped/auditSigningCert cert-pki-ca',
+ 'ca_wrapped/auditSigningCert cert-pki-ca/1.2.840.113549.3.7',
'ca/caSigningCert cert-pki-ca',
'ca/ocspSigningCert cert-pki-ca',
'ca/subsystemCert cert-pki-ca',
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
