Re: [Pki-devel] [PATCH] 008 Wrap CertData.pkcs7_cert_chain in BEGIN/END CERTIFICATE
NACK.
Agreed that this is not the right place for this fix. If we fix in
Python client, then Java and Python clients will be inconsistent.
This needs to be fixed on the server.
Ade
On Wed, 2015-07-01 at 14:48 +0200, Christian Heimes wrote:
Hello,
the patch fixes #1374. It feels wrong to fix the bug in Python space. I
have addressed my concerns in
https://fedorahosted.org/pki/ticket/1374#comment:8
According to https://www.openssl.org/docs/apps/pkcs7.html a PEM PKCS7
message can be wrapped in either BEGIN PKCS7/END PKCS7 or in BEGIN
CERTIFICATE/END CERTIFICATE. Barbican uses BEGIN CERTIFICATE in the file
https://github.com/openstack/barbican/blob/master/barbican/plugin/dogtag.py.
Let's do that, too.
A fix for pki.cert.CertData is trivial. However I'm not sure if that is
the best place to add the wrapping header and footer. It may be a better
idea to fix it once and for all at the root in
org.dogtagpki.server.ca.rest.CertService.getCertChainData().
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel