On Tue, Jul 19, 2016 at 08:50:34AM +0200, Jan Cholasta wrote:
> On 14.7.2016 13:44, Fraser Tweedale wrote:
> > Hi all,
> > The attached patch includes SANs in cert-show output. If you have
> > certs with esoteric altnames (especially any that are more than just
> > ASN.1 string types), please test with those certs.
> > https://fedorahosted.org/freeipa/ticket/6022
> I think it would be better to have a separate attribute for each supported
> SAN type rather than cramming everything into subject_alt_name. That way if
> you care only about a single specific type you won't have to go through all
> the values and parse them. Also it would allow you to use param types
> appropriate to the SAN types (DNSNameParam for DNS names, Principal for
> principal names, etc.)
You are right; that would be much better.
> Nitpick: please don't mix moving existing stuff and adding new stuff in a
> single patch.
Will cut new patches to address both of these points.
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code