On 08/13/2014 03:57 PM, Martin Kosek wrote:
On 08/13/2014 03:12 PM, Petr Viktorin wrote:
This works for me, but I'm not sure if I'm correctly reproducing the specific
scenario this patch fixes. So as always, can you please add tests for code you
As far as other scenarios, it seems to me that when I do something wrong I get
a very unhelpful error message late in the installation.
I tried signing the request using xca but pkispawn choked on the result; I'll
try to write a reproducer script using command-line tools.
Attached is a script (based on the external ca integration test) that
reproduces the same IndexError as mentioned in the ticket. (If necessary,
adjust the IP addresses, hostnames, etc. to fit your environment.)
The difference from a working script is that extensions aren't added to the IPA
cert when it's signed.
This is a very good finding. If Jan's patch fixes the reported problem, let us
But the missing validation should be fixed too. Can you please extend
that is (will be) planned for 4.1 and attach your script as well so that we can
improve the usability by both accepting more certificate types and validation?
Freeipa-devel mailing list