This patch is for ticket:
https://fedorahosted.org/pki/ticket/1110 - pkispawn (configuration) does not provide CA extensions in subordinate certificate signing requests (CSR)

It was agreed upon that this patch just needs to provide the bare essentials to do the job without anything fancy.

As a result, four new pkispawn configuration parameters are introduced with the following defaults:

    pki_req_ext_add=False
    pki_req_ext_oid=1.3.6.1.4.1.311.20.2
    pki_req_ext_critical=False
    pki_req_ext_data=1E0A00530075006200430041

where pki_req_ext_add controls whether this extra request extension is to be added or not to the CSR of a CA signing cert (by default it's False). It is available only for the "external CA" case, and only one such extension can be added.

There is a potential that in the future we could make this extension available for all cert requests and in multiple. However, it is not a goal at this time for the purpose of this patch. When the need arises, we will file a separate ticket for it.

Thanks,
Christina
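
An added example, not part of the patch or the project's code: a small checker that validates the four parameters listed in the message and decodes pki_req_ext_data, showing that the default value is a DER BMPString spelling "SubCA" (the default OID, 1.3.6.1.4.1.311.20.2, is Microsoft's certificate template name extension). The function names and the accepted boolean spellings are assumptions; only single, short-form DER string values are handled.

```python
# Added example, not part of the patch: inspect the pki_req_ext_* values.
import re

# Defaults copied from the message above.
DEFAULTS = {
    "pki_req_ext_add": "False",
    "pki_req_ext_oid": "1.3.6.1.4.1.311.20.2",
    "pki_req_ext_critical": "False",
    "pki_req_ext_data": "1E0A00530075006200430041",
}

# Universal ASN.1 string tags this sketch knows how to render.
STRING_TAGS = {0x0C: ("UTF8String", "utf-8"),
               0x13: ("PrintableString", "ascii"),
               0x16: ("IA5String", "ascii"),
               0x1E: ("BMPString", "utf-16-be")}

def decode_der_string(hex_data):
    """Decode one short-form DER string TLV; return (type_name, text)."""
    raw = bytes.fromhex(hex_data)  # raises ValueError on non-hex input
    if len(raw) < 2:
        raise ValueError("too short for a DER TLV")
    tag, length = raw[0], raw[1]
    if length & 0x80:
        raise ValueError("long-form length not handled in this sketch")
    if len(raw) != 2 + length:
        raise ValueError("length byte says %d, found %d content bytes"
                         % (length, len(raw) - 2))
    if tag not in STRING_TAGS:
        raise ValueError("unsupported tag 0x%02X" % tag)
    if tag == 0x1E and length % 2:
        raise ValueError("BMPString needs an even number of content bytes")
    name, codec = STRING_TAGS[tag]
    return name, raw[2:].decode(codec)

def check_req_ext(params):
    """Validate the four parameters and return a readable summary."""
    for key in ("pki_req_ext_add", "pki_req_ext_critical"):
        # Assumption: booleans are spelled True/False, case-insensitively.
        if params[key].lower() not in ("true", "false"):
            raise ValueError("%s must be True or False" % key)
    if not re.fullmatch(r"[0-2](\.\d+)+", params["pki_req_ext_oid"]):
        raise ValueError("pki_req_ext_oid is not a dotted OID")
    name, text = decode_der_string(params["pki_req_ext_data"])
    return {"add": params["pki_req_ext_add"].lower() == "true",
            "critical": params["pki_req_ext_critical"].lower() == "true",
            "oid": params["pki_req_ext_oid"], "type": name, "value": text}

if __name__ == "__main__":
    print(check_req_ext(DEFAULTS))
```

Running the checker on a deployment file's values before pkispawn generates the CSR catches a mistyped hex string or a length byte that no longer matches an edited value.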