I have replied to your original email.  Please let us know whether you have tried the existing method I suggested in the email and what the result was.

thanks,
Christina

On 06/17/2014 10:54 PM, Fraser Tweedale wrote:
On Mon, Jun 16, 2014 at 05:57:03PM +1000, Fraser Tweedale wrote:

Hi all,

These patches implement support for copying the ExtendedKeyUsage
extension from a signing request to the certificate, addressing
https://fedorahosted.org/freeipa/ticket/2915.

My email from a few days ago goes into a bit more detail and puts
forward the question of whether this is even a reasonable approach
to solving #2915.  Since I haven't yet received any feedback I
figured I'd go ahead and publish the patches.


Patch 0002:

Add appropriate ExtendedKeyUsage constraints to all profiles that
support this extension.  To check that none were missed:

    $ ag -l extendedKeyUsageExtDefaultImpl \
      | xargs ag -L extendedKeyUsageExtConstraintImpl

Patch 0003:

The actual fix: EKU extension is copied from signing request, or the
default is used when the extension does not appear in the request.

New patch versions; fixed commit author (hadn't changed .gitconfig
from personal email address :).  Rebased also, but no other changes.



_______________________________________________
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel