URL: https://github.com/SSSD/sssd/pull/570
Title: #570: p11_child: add OpenSSL support
fidencio commented:
"""
master:
"""
jhrozek commented:
"""
ready to go :)
"""
See the full comment at
https://github.com/SSSD/sssd/pull/570#issuecomment-394312587
sumit-bose commented:
"""
Yes, all patches from PR #533 are included here as well.
"""
See the full comment at
https://github.com/SSSD/sssd/pull/570#issuecomment-393934077
jhrozek commented:
"""
btw can we close PR #553?
"""
See the full comment at
https://github.com/SSSD/sssd/pull/570#issuecomment-393865617
jhrozek commented:
"""
Thank you, the code works and I don't have any more comments. I will run CI and
Coverity to be on the safe side before adding the accepted label.
"""
sumit-bose commented:
"""
oops, sorry, the latest version should fix this.
"""
See the full comment at
https://github.com/SSSD/sssd/pull/570#issuecomment-393853142
jhrozek commented:
"""
On Thu, May 31, 2018 at 02:02:29AM -0700, sumit-bose wrote:
> ah, sorry, I meant /etc/sssd/pki/sssd_auth_ca_db.pem.
thank you, this works, but it looks like the directory is not
sumit-bose commented:
"""
ah, sorry, I meant /etc/sssd/pki/sssd_auth_ca_db.pem.
"""
See the full comment at
https://github.com/SSSD/sssd/pull/570#issuecomment-393464732
sumit-bose commented:
"""
I changed the path to /etc/sssd/pki/sssd_auth_crl.pem.
"""
See the full comment at
https://github.com/SSSD/sssd/pull/570#issuecomment-393446015
jhrozek commented:
"""
> On 30 May 2018, at 12:39, sumit-bose wrote:
>
> About /etc/sssd/pki, I'm sorry, I didn't understand you correctly in the
> first place. You suggested to use a directory based CA
sumit-bose commented:
"""
About /etc/sssd/pki, I'm sorry, I didn't understand you correctly in the first
place. You suggested to use a directory based CA store (e.g. TLS_CACERTDIR of
OpenLDAP) instead of a
jhrozek commented:
"""
> On 30 May 2018, at 11:03, sumit-bose wrote:
>
> Hi Jakub,
>
> the latest version fixes the softhsm2-util-p11tool issues, if one of the
> tools is missing the test CA and related
sumit-bose commented:
"""
Hi Jakub,
the latest version fixes the softhsm2-util-p11tool issues, if one of the tools
is missing the test CA and related tests are not built.
About additional files, yes there
jhrozek commented:
"""
Coverity and CI are clean. The last remaining things to discuss before pushing
are the default of the CA cert option and maybe skipping the tests. But the code
looks good to me and
jhrozek commented:
"""
> On 28 May 2018, at 13:21, sumit-bose wrote:
>
> Hi @jhrozek, thank you for the review.
>
> I added 'certmap: allow missing empty EKU in OpenSSL version' to fix the
> missing EKU
jhrozek commented:
"""
> On 29 May 2018, at 13:50, Jakub Hrozek wrote:
>
> There seems to be one more glitch. If I don't have softsm-util installed,
> then configure says it can't be found, but then make
jhrozek commented:
"""
same issue with p11-tool btw
"""
See the full comment at
https://github.com/SSSD/sssd/pull/570#issuecomment-392752386
jhrozek commented:
"""
There seems to be one more glitch. If I don't have `softsm-util` installed,
then configure says it can't be found, but then make fails with:
```
SOFTHSM2_CONF=./softhsm2_none.conf
sumit-bose commented:
"""
Hi @jhrozek, thank you for the review.
I added 'certmap: allow missing empty EKU in OpenSSL version' to fix the
missing EKU issues. The patch also contains a new test certificate
sumit-bose commented:
"""
I think the two issues should be fixed before pushing, I added 'Change
requested'
"""
See the full comment at
https://github.com/SSSD/sssd/pull/570#issuecomment-391699735
jhrozek commented:
"""
oh and the code looks good to me, CI passed and Coverity didn't report any
issues.
"""
See the full comment at
https://github.com/SSSD/sssd/pull/570#issuecomment-391687742
jhrozek commented:
"""
My testing worked well with a Yubikey. I hit two issues:
- I couldn't authenticate without EKUs being present in the certificate
- I had to manually specify pam_cert_db_path otherwise
jhrozek commented:
"""
OK, I'm done with the code review. tl;dr the zero timeout is confusing and the
commented out code needs to be removed. I'm struggling a bit with testing with
Yubikey for some reason,
jhrozek commented:
"""
Let me review the whole lot and sorry PR #553 was taking too long, but
downstream was..busy..lately..
first, I'll just add comments about the patches as I read them, testing will be