URL: https://github.com/freeipa/freeipa/pull/228
Title: #228: cert-request: allow directoryName in SAN extension

tomaskrizek commented:
As I have understood from the mailing list discussion, we have two options:

1. We use this patch as is. That means Subject Alternative Name (SAN) DN always 
has to be the same as the Subject DN. Is there any use case for this? To me 
this seems like a duplicate info. Isn't the purpose of SAN to provide an 
*alternative* name?

2. We extend the validation to allow any existing principal. Are there any use 
cases for this?

Perhaps I'm missing something, but the first option doesn't seem very useful 
and I don't know if the second one is a valid and needed use case.

See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to