URL: https://github.com/freeipa/freeipa/pull/773
Author: felipevolpone
 Title: #773: [WIP] Warn in cert-request if CSR doesn't contain SAN
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/773/head:pr773
git checkout pr773
From caddd601c9f03af5d1aff7732bca566f6391703f Mon Sep 17 00:00:00 2001
From: Felipe Volpone <felipevolp...@gmail.com>
Date: Tue, 9 May 2017 17:06:55 -0300
Subject: [PATCH 1/2] warn in cert-request if CSR doesn't contain SAN

---
 ipaserver/plugins/cert.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index 1a425de..aa960ab 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -771,6 +771,18 @@ def execute(self, csr, all=False, raw=False, chain=False, **kw):
         cn = cns[-1].value  # "most specific" is end of list
 
         if principal_type in (SERVICE, HOST):
+
+            has_dns_in_san_ext = False
+            if ext_san:
+                for gn in x509.process_othernames(ext_san.value):
+                    if isinstance(gn, cryptography.x509.general_name.DNSName):
+                        has_dns_in_san_ext = True
+
+            if not ext_san or not has_dns_in_san_ext:
+                print('Warning: The SAN extension '
+                      'should be provided. Please, check the RFC 2818.')
+
+
             if not _dns_name_matches_principal(cn, principal, principal_obj):
                 raise errors.ValidationError(
                     name='csr',
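Review bot: The warning is emitted with `print()` inside the server-side `execute()`, so it goes to the server process's stdout rather than into the response, and the person submitting a CN-only CSR is never told. It should be returned through the command's result messages instead, e.g. `self.add_message(...)` with a message class from `ipalib.messages` (a new one would probably be needed). The condition `not ext_san or not has_dns_in_san_ext` reduces to `if not has_dns_in_san_ext:`, because the flag stays False when `ext_san` is falsy. The text should also say that a dNSName entry is missing, since the warning fires when a SAN extension exists without one. Whether `cryptography` is bound under that name in this module is not visible here, and `execute()` starts and ends outside the hunk.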

From 9b60d7e904269743e0a4d19821139738db5e02e9 Mon Sep 17 00:00:00 2001
From: Felipe Volpone <felipevolp...@gmail.com>
Date: Thu, 11 May 2017 19:53:56 -0300
Subject: [PATCH 2/2] Improving GUI text in "Add DNS Zone" popup.

---
 install/ui/src/freeipa/dns.js | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/install/ui/src/freeipa/dns.js b/install/ui/src/freeipa/dns.js
index 1be8513..f2b110d 100644
--- a/install/ui/src/freeipa/dns.js
+++ b/install/ui/src/freeipa/dns.js
@@ -294,6 +294,11 @@ return {
         height: 300,
         sections: [
             {
+                name: 'dnszone_title',
+                label: 'Select the required zone type.',
+                fields: []
+            },
+            {
                 name: 'name',
                 layout: IPA.dnszone_name_section_layout,
                 fields: [
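Review bot: The new section's `label: 'Select the required zone type.'` is a hard-coded English string, so it cannot be translated. Labels in the web UI are normally given as `@i18n:` references, which is worth confirming against the rest of this file since the hunk does not show it. Suggest adding the text to the message catalogue and using `label: '@i18n:<new message key>'` here. A section with `fields: []` used only as a heading also deserves a short comment, such as `// heading-only section, intentionally has no fields`.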
@@ -307,6 +312,7 @@ return {
                         $type: 'dnszone_name',
                         name: 'name_from_ip',
                         radio_name: 'dnszone_name_type',
+                        required: false,
                         validators: ['network']
                     }
                 ]
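Review bot: `required: false` on `name_from_ip`, together with the removal of the `set_required(...)` toggles in the two `IPA.add_dns_zone_name_policy` hunks below, means nothing visible in this patch marks the selected input as mandatory any more. If the dialog relied on those toggles, an empty value for the chosen radio option would now pass the client-side required check and be rejected, if at all, only by the server. This is a behaviour change that the subject "Improving GUI text" does not mention. Either keep the toggles or explain in the commit message why they are no longer needed.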
@@ -750,9 +756,6 @@ IPA.add_dns_zone_name_policy = function() {
             idnsname_w.input.prop('disabled', false);
             name_from_ip_w.input.prop('disabled', true);
 
-            idnsname_f.set_required(true);
-            name_from_ip_f.set_required(false);
-
             name_from_ip_f.reset();
         });
 
@@ -760,9 +763,6 @@ IPA.add_dns_zone_name_policy = function() {
             idnsname_w.input.prop('disabled', true);
             name_from_ip_w.input.prop('disabled', false);
 
-            idnsname_f.set_required(false);
-            name_from_ip_f.set_required(true);
-
             idnsname_f.reset();
         });
     };
-- 