ACK
One minor issue: The explaining text in the CS.cfg is incorrect. It has the meaning of the new flag reversed from what is intended:

When recovering by keyid: externalReg.recover.byKeyID=false +externalReg._024=# - keyid in record indicates actual recovery; +externalReg._025=# e.g. (certstoadd: 36,ca1,5,kra1) +externalReg._026=# - missing of which means retention; +externalReg._027=# e.g. (certstoadd: 36,ca1) +externalReg._028=# When recovering by cert: externalReg.recover.byKeyID=true +externalReg._029=# - keyid field needs to be present +externalReg._030=# but the value is not relevant and will be ignored +externalReg._031=# (a "0" would be fine) +externalReg._032=# e.g. (certstoadd: 36,ca1,0,kra1) +externalReg._033=# - missing of keyid still means retention; +externalReg._034=# e.g. (certstoadd: 36,ca1)

false and true for byKeyID are switched.

Also, since there is a small chance of impact to certain external reg features, such as retention, it might make sense to recommend a quick sanity test of the external reg feature after this. In the future we might want to more strongly discourage the keyid pathway.

----- Original Message -----
> From: "Christina Fu" <[email protected]>
> To: [email protected]
> Sent: Thursday, October 6, 2016 2:18:49 PM
> Subject: [Pki-devel] [PATCH]
> pki-cfu-0153-Ticket-2496-Cert-Key-recovery-is-successful-when-the.patch
>
> Attached please find the patch for
>
> https://fedorahosted.org/pki/ticket/2496 Cert/Key recovery is successful
> when the cert serial number and key id on the ldap user mismatches
>
> Description is in patch summary.
>
> thanks,
>
> Christina
>
>
> _______________________________________________
> Pki-devel mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/pki-devel
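Review bot: The two mode headings in the CS.cfg comment pair the flag with the wrong value: "When recovering by keyid" is followed by externalReg.recover.byKeyID=false and "When recovering by cert" (_028) by externalReg.recover.byKeyID=true, which contradicts the flag's own name, so an operator following the comment would select the opposite lookup path. Swap the values in those two headings. While touching the comment, "missing of which means retention" (_026) and "missing of keyid still means retention" (_033) would read more clearly as a plain statement that a certstoadd entry without the keyid field, e.g. (certstoadd: 36,ca1), means retention. Since the by-cert mode ignores the keyid value (_030), it would also help to say in the comment which field is then used to locate the key.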
