Re: [Freeipa-devel] [PATCHES 551-552, 623-624] cert: add owner information, allow search by certificate

Tue, 21 Jun 2016 00:42:13 -0700 


On 06/21/2016 08:34 AM, David Kupka wrote:

On 21/06/16 07:19, Jan Cholasta wrote:

On 20.6.2016 15:31, Jan Cholasta wrote:

On 20.6.2016 09:54, Jan Cholasta wrote:

On 15.6.2016 12:33, Jan Cholasta wrote:

On 14.6.2016 11:44, Jan Cholasta wrote:

On 21.4.2016 09:11, Jan Cholasta wrote:

On 6.4.2016 15:46, Pavel Vomacka wrote:



On 03/16/2016 01:50 PM, Jan Cholasta wrote:

Hi,

the attached patches implement the server-side part of
<https://fedorahosted.org/freeipa/ticket/5381>.

Honza


Hi,

thank you for the patches. I tested them and they work well. But I
would

like to ask you whether would be possible to extend the 
response of
'basecert_find' method and probably also 'basecert_show' 
response. I

think of these information:

1) information whether the certificate is issued by our CA or not.


You can check for that by comparing the issuer name of the
certificate

to "CN=Certificate Authority,$SUBJECT_BASE". You can get subject 
base

from config-show.



2) this probably wouldn't be possible (as we discussed), but I
rather

write it too - the information about revocation reason. The 
same as

the
'cert_show' provides.


Added --check-revocation flag to request this information.
Currently it
works only on certificates issued by our CA.



3) MD5 and SHA1 fingerprints as the 'cert_show' method returns


Added, also included SHA-256.



Thank you again.


Updated patches attached.


Updated and rebased patches attached. Requires Fraser's sub-CA
patches.


Attaching updated patch 623, which fixes these issues found by David:
<https://paste.fedoraproject.org/378997/65913663/>.


Updated and rebased patches attached.



Attaching updated patches 552 and 623, which fix the --sizelimit 
option.


Updated and rebased patches attached. The --revocation-reason option now
works as expected.





Hello!


Thanks for patch set. Code looks good to me and works as expected. 
Pavel will test it with WebUI and the we can hopefully push it.



Hello,

Thank you for patches. Works as expected also in WebUI, so we can push it.

--
Pavel^3 Vomacka

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code






















					Reply via email to