On 05/03/2010 01:23 PM, Rob Crittenden wrote:
Marc Schlinger wrote:
p.s: I really had problems without the ia5string stuff. I'm not crazy!
am I?

I don't think so, I just didn't run into it myself. It could be because
you use openssl to create the CSR and I used the NSS tools. Or it could
be because your locale is different, or the phase of the moon, who knows
:-) The pyasn1 guys have a code comment questioning why ia5string is
needed as well: # hm, this should not be here!? XXX If we're going to
get requests with ia5strings I'm ok with adding support to the parser.

The reason I asked for the cert sample was so I would be able to test
the fix end-to-end, and perhaps incorporate it into our test suite.

I would hold off making any fixes to the parser you wrote. I've got an update to python-nss coming soon which fully supports certificate loading, decoding and inspection using NSS entry points. It properly (or so I hope) handles all the variants (which are numerous) including ia5string.

We should converge on using NSS for everything, the update will get us a lot closer to that goal.

John Dennis <jden...@redhat.com>

Looking to carve out IT costs?

Freeipa-users mailing list

Reply via email to