[Freeipa-devel] [freeipa PR#813][comment] Add Subject Key Identifier to CA cert validity check
URL: https://github.com/freeipa/freeipa/pull/813 Title: #813: Add Subject Key Identifier to CA cert validity check MartinBasti commented: """ master: * bc6d4995144505c45a62320c71f503b54f68a962 Add Subject Key Identifier to CA cert validity check """ See the full comment at https://github.com/freeipa/freeipa/pull/813#issuecomment-304840676 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#813][comment] Add Subject Key Identifier to CA cert validity check
URL: https://github.com/freeipa/freeipa/pull/813 Title: #813: Add Subject Key Identifier to CA cert validity check stlaz commented: """ @frasertweedale I guess you're right. We should therefore not triage it for 4.5 since it's just a rare usability bug which will probably not appear in production. Thanks for the patch and reasoning :) """ See the full comment at https://github.com/freeipa/freeipa/pull/813#issuecomment-304221920 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#813][comment] Add Subject Key Identifier to CA cert validity check
URL: https://github.com/freeipa/freeipa/pull/813 Title: #813: Add Subject Key Identifier to CA cert validity check frasertweedale commented: """ @stlaz I don't think backport to 4.5 is essential. This issue is something that should be rare in practice, i.e. if a proper CA implementation signs the CSR (e.g. MS/AD-CS) the SKI extension will be there. """ See the full comment at https://github.com/freeipa/freeipa/pull/813#issuecomment-304219339 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#813][comment] Add Subject Key Identifier to CA cert validity check
URL: https://github.com/freeipa/freeipa/pull/813 Title: #813: Add Subject Key Identifier to CA cert validity check stlaz commented: """ Works for me, 4.5 patch is needed with ^-- in mind. """ See the full comment at https://github.com/freeipa/freeipa/pull/813#issuecomment-304029663 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
[Freeipa-devel] [freeipa PR#813][comment] Add Subject Key Identifier to CA cert validity check
URL: https://github.com/freeipa/freeipa/pull/813 Title: #813: Add Subject Key Identifier to CA cert validity check stlaz commented: """ I will review this but we also need a patch for 4.5 which unfortunately still uses python-nss for certificate validation. """ See the full comment at https://github.com/freeipa/freeipa/pull/813#issuecomment-304026101 ___ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org