On Thu, 2009-07-23 at 12:25 -0400, Rob Crittenden wrote:
> A few issues were found in the way we identify the root cert to trust 
> when importing PKCS#12 files. The regex was not specific enough and 
> there is no need to explicitly trust root CAs that are built into NSS.
> 
> I also did a little bit of code cleanup to add logging and remove an 
> unused import.
> 
> And finally, I added a bit of code that should help a basic install on 
> Fedora 11. The certutil on Fedora 11 doesn't return untrusted CAs in its 
> -O output. This will fix the self-signed IPA default CA case anway.
> 
> If acked I'll push a similar patch to the 1-2 branch as well. We lack 
> the self-signed CA awareness so I'm not sure how I'm going to tackle 
> that yet but I suspect that I'll simply make it the default if no CA is 
> found (along with a log entry saying so).
> 
> rob

ack. pushed to master.

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to