On 26.3.2012 16:15, Rob Crittenden wrote:
Jan Cholasta wrote:


You can still set a custom subject base for selfsign installations so
you need a special case in valid_issuer().

For selfsign installations, the issuer is always "CN=REALM Certificate Authority", no matter what is set in the subject base, so no special case is needed.

I wonder if this comparison
should be case insensitive too.

I think the DN class already takes care of this.

It may also be an optimization to cache the base in subject_base(). It
can't change after install time so it should be valid the entire
lifetime of the server.

What if someone does

$ ipa config-mod --setattr ipacertificatesubjectbase='O=Something'




Jan Cholasta

Freeipa-devel mailing list

Reply via email to