URL: https://github.com/freeipa/freeipa/pull/228
Title: #228: cert-request: allow directoryName in SAN extension

tomaskrizek commented:
@frasertweedale Oh, I didn't realize the DN in SAN matches the LDAP DN, while 
the Subject DN does not.

In that case, this PR makes sense to me as is. I also don't see the need to 
validate Subject DN and SAN DN differently, since they use different 
representation (subject is a more generic identifier, as @tiran pointed out; 
while SAN DN should be the unique LDAP DN identifier).

See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to