Issue #23200 has been reported by Adrien Thebo. ---------------------------------------- Feature #23200: CSR extension requests should be conditionally copied to signed certificates https://projects.puppetlabs.com/issues/23200
* Author: Adrien Thebo * Status: Accepted * Priority: Normal * Assignee: * Category: * Target version: * Affected Puppet version: * Keywords: * Branch: ---------------------------------------- When the Puppet CA evaluates a CSR, safe extension requests should be copied into the signed certificate. This allows user specified information to be included in the certificate to provide an immutable data source about a given node. Since certificate extensions can have semantic meanings, extension requests should only be copied across if they have been verified as safe. This could take the form of a hardcoded whitelist of OID subtrees, or a user specified list of OIDs to whitelist. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/groups/opt_out.
