This patch is for ticket:
https://fedorahosted.org/pki/ticket/1110 - pkispawn (configuration) does not provide CA extensions in subordinate certificate signing requests (CSR)
It was agreed upon that this patch just needs to provide the bare essential to do the job without anything fancy.
As a result, four new pkispawn configuration parameters are introduced with the following default:
pki_req_ext_add=False
pki_req_ext_oid=1.3.6.1.4.1.311.20.2
pki_req_ext_critical=False
pki_req_ext_data=1E0A00530075006200430041
where pki_req_ext_add controls whether this extra request extension is to be added or not to the csr of a CA signing cert (by default it's False). It is available only for the "external CA" case, and only one such extension can be added.
There is a potential that in the future we could make this extension available for all cert requests and in multiple. However, it is not a goal at this time for the purpose of this patch. When the need arises, we will file a separate ticket for it.
Thanks,
Christina
_______________________________________________ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel