Re: [Freeipa-devel] [PATCH] 242 new method to identify CAs to trust
On Fri, 2009-07-24 at 09:30 -0400, Rob Crittenden wrote: > Jason Gerard DeRose wrote: > > On Thu, 2009-07-23 at 17:57 -0400, Rob Crittenden wrote: > >> A new way to identify the CAs to trust when importing a PKCS#12 file > >> (like during replica installation). We used to use certutil -O but > >> Fedora 11 changed certutil so it doesn't show untrusted CAs (the whole > >> point of running the command). > >> > >> Instead parse the output of pk12util -l to find the nicknames of the CAs > >> to trust. > >> > >> rob > > > > The code looks fine, but I can't get it to apply. > > > > I needed to do a rebase. New patch attached that should apply cleanly to > the tip. > > rob ack. pushed to master. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 242 new method to identify CAs to trust
Jason Gerard DeRose wrote: On Thu, 2009-07-23 at 17:57 -0400, Rob Crittenden wrote: A new way to identify the CAs to trust when importing a PKCS#12 file (like during replica installation). We used to use certutil -O but Fedora 11 changed certutil so it doesn't show untrusted CAs (the whole point of running the command). Instead parse the output of pk12util -l to find the nicknames of the CAs to trust. rob The code looks fine, but I can't get it to apply. I needed to do a rebase. New patch attached that should apply cleanly to the tip. rob freeipa-242-2-trust.patch Description: application/mbox smime.p7s Description: S/MIME Cryptographic Signature ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 242 new method to identify CAs to trust
On Thu, 2009-07-23 at 17:57 -0400, Rob Crittenden wrote: > A new way to identify the CAs to trust when importing a PKCS#12 file > (like during replica installation). We used to use certutil -O but > Fedora 11 changed certutil so it doesn't show untrusted CAs (the whole > point of running the command). > > Instead parse the output of pk12util -l to find the nicknames of the CAs > to trust. > > rob The code looks fine, but I can't get it to apply. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel