Hi,

On 14.7.2016 13:44, Fraser Tweedale wrote:
Hi all,

The attached patch includes SANs in cert-show output.  If you have
certs with esoteric altnames (especially any that are more than just
ASN.1 string types), please test with those certs.

https://fedorahosted.org/freeipa/ticket/6022

I think it would be better to have a separate attribute for each supported SAN type rather than cramming everything into subject_alt_name. That way if you care only about a single specific type you won't have to go through all the values and parse them. Also it would allow you to use param types appropriate to the SAN types (DNSNameParam for DNS names, Principal for principal names, etc.)

Nitpick: please don't mix moving existing stuff and adding new stuff in a single patch.

Honza

--
Jan Cholasta

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to