Hi, On 13.8.2015 07:54, Fraser Tweedale wrote:
The attached patch fixes https://fedorahosted.org/freeipa/ticket/5205
Simo wrote this some time ago in a (private) discussion about CSR extensions:
On 23.1.2014 18:58, Simo Sorce wrote:
Regardless of which tool we use, I really think we need an API that will list all the extensions, whether they are understood or not, and then we need to proceed and check that only 'acceptable' extensions are passed in. Dogtag will do extra validation for sure, but given IPA does access control, then IPA needs to be sure of what it is checking.
Simo, does this still hold? Fraser's patch removes the check. Is it OK or not?
Honza -- Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
