On 03/27/2013 04:40 PM, John Dennis wrote:
> On 03/27/2013 11:23 AM, Petr Viktorin wrote:
>> I don't want to check the subject because this RFE was prompted by IPA's
>> normal CA rejecting valid wildcard certs. Is there a reasonable way to
>> ask NSS if it will trust the cert?
>
> Yes. NSS provides a variety of tools to test validation.

Thanks! I'll take a look at it again.

> Going just on memory here, our current version of python-nss has a
> simple call to test validation. Sometime in the last year I added a fair
> amount of new support for certificate validation including getting back
> diagnostic information for validation failures, however if I recall
> correctly the extended functionality in python-nss has not been released
> yet.

I'll add verify_hostname from the validation example; if there's
anything else please give me a pointer -- I haven't read all the docs, yet.

--
Petr³