Hi,

On 13.8.2015 07:54, Fraser Tweedale wrote:
The attached patch fixes
https://fedorahosted.org/freeipa/ticket/5205


Simo wrote this some time ago in a (private) discussion about CSR extensions:

On 23.1.2014 18:58, Simo Sorce wrote:
Regardless of which tool we use, I really think we need an API that will
list all the extensions, whether they are understood or not, and then we
need to proceed and check that only 'acceptable' extensions are passed
in. Dogtag will do extra validation for sure, but given IPA does access
control, then IPA needs to be sure of what it is checking.

Simo, does this still hold? Fraser's patch removes the check. Is it OK or not?

Honza

--
Jan Cholasta

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to