On Fri, Jul 08, 2016 at 01:18:23PM +0200, Petr Spacek wrote:
> On 8.7.2016 05:42, Fraser Tweedale wrote:
> >
> > 2. If argument contains CN but it is not the "most specific"
> > RDN, move it to the front (to satisfy requirement of Dogtag
> > profile).
>
> I wonder if we can relax the requirement in Dogtag so no reordering is needed.
> After all, DN is just a name, isn't it? Why Dogtag requires particular field
> in DN?
>
Cc pki-devel@. The subject name constraint in the caCAcert profile
is:
policyset.caCertSet.1.constraint.params.pattern=CN=.*
What do you think? Can we relax or remove this constraint - or if
not, why is it required?
Thanks,
Fraser
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
