Title: #490: certdb: use certutil and match_hostname for cert verification
As for your suggestions to improve the validation, I completely agree with
them, but the focus of this PR is to refactor the current validation not to use
python-nss, which it delivers. Could you please file a ticket for the
improvements, so that it gets more visibility and can be properly tracked?
See the full comment at
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code