Issue #23200 has been updated by Melissa Stone. Status changed from Merged - Pending Release to Closed
Released in Puppet 3.4.0-rc1 ---------------------------------------- Feature #23200: CSR extension requests should be conditionally copied to signed certificates https://projects.puppetlabs.com/issues/23200#change-100512 * Author: Adrien Thebo * Status: Closed * Priority: Normal * Assignee: * Category: SSL * Target version: 3.4.0 * Affected Puppet version: * Keywords: * Branch: https://github.com/puppetlabs/puppet/pull/2088 ---------------------------------------- When the Puppet CA evaluates a CSR, safe extension requests should be copied into the signed certificate. This allows user specified information to be included in the certificate to provide an immutable data source about a given node. Since certificate extensions can have semantic meanings, extension requests should only be copied across if they have been verified as safe. This could take the form of a hardcoded whitelist of OID subtrees, or a user specified list of OIDs to whitelist. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/groups/opt_out.
