URL: https://github.com/freeipa/freeipa/pull/228
Title: #228: cert-request: allow directoryName in SAN extension

tomaskrizek commented:
"""
@frasertweedale Oh, I didn't realize the DN in SAN matches the LDAP DN, while 
the Subject DN does not.

In that case, this PR makes sense to me as is. I also don't see the need to 
validate Subject DN and SAN DN differently, since they use different 
representation (subject is a more generic identifier, as @tiran pointed out; 
while SAN DN should be the unique LDAP DN identifier).
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/228#issuecomment-263550747
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to