Re: [Pki-devel] [PATCH] 2-3 Copy ExtendedKeyUsage from signing request

On Mon, Jun 16, 2014 at 05:57:03PM +1000, Fraser Tweedale wrote: > Hi all, > > These patches implement support for copying the ExtendedKeyUsage > extension from a signing request to the certificate, addressing > https://fedorahosted.org/freeipa/ticket/2915. > > My email from a few days ago goes into a bit more detail and puts > forward the question of whether this is even a reasonable approach > to solving #2915. Since I haven't yet received any feedback I > figured I'd go ahead and publish the patches. > > > Patch 0002: > > Add appropriate ExtendedKeyUsage constraints to all profiles that > support this extension. To check that none were missed: > > $ ag -l extendedKeyUsageExtDefaultImpl \ > | xargs ag -L extendedKeyUsageExtConstraintImpl > > Patch 0003: > > The actual fix: EKU extension is copied from signing request, or the > default is used when the extension does not appear in the request. New patch versions; fixed commit author (hadn't changed .gitconfig from personal email address :). Rebased also, but no other changes. _______________________________________________ Pki-devel mailing list Pki-devel(a)redhat.com https://www.redhat.com/mailman/listinfo/pki-devel