pushed to both master and DOGTAG_10_1_BRANCH

master:
commit ee33bb2a90a183b9d5552c6ac193e9d8958a3974

DOGTAG_10_1_BRANCH:
commit 7da4d9802f058f2f78777928c7e259578ad6daef

Christina

On 09/25/2014 10:04 AM, Matthew Harmsen wrote:
ACK

On 09/25/14 09:19, Christina Fu wrote:
This patch is for ticket:
https://fedorahosted.org/pki/ticket/1110 - pkispawn (configuration) does not provide CA extensions in subordinate certificate signing requests (CSR)

It was agreed upon that this patch just needs to provide the bare essentials to do the job without anything fancy.

As a result, four new pkispawn configuration parameters are introduced with the following defaults:
pki_req_ext_add=False
pki_req_ext_oid=1.3.6.1.4.1.311.20.2
pki_req_ext_critical=False
pki_req_ext_data=1E0A00530075006200430041

where pki_req_ext_add controls whether this extra request extension is to be added or not to the CSR of a CA signing cert (by default it's False). It is available only for the "external CA" case, and only one such extension can be added.

There is a potential that in the future we could make this extension available for all cert requests and in multiple.  However, it is not a goal at this time for the purpose of this patch.  When the need arises, we will file a separate ticket for it.

Thanks,
Christina


_______________________________________________
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
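
An added example, not part of the original thread or of the Dogtag patch: it decodes the default pki_req_ext_data shown above (a DER BMPString) and wraps the four parameter values in a standard RFC 5280 Extension structure. It assumes pki_req_ext_data is the hex of the DER-encoded extension value; the function names are hypothetical and only short-form DER lengths are handled.

```python
# Added example (not Dogtag code): inspect the pkispawn defaults from the message.

def tlv(tag: int, content: bytes) -> bytes:
    """DER tag-length-value, short-form length only (content under 128 bytes)."""
    if len(content) > 127:
        raise ValueError("long-form DER lengths are not handled in this example")
    return bytes([tag, len(content)]) + content

def encode_oid(dotted: str) -> bytes:
    """Encode a dotted OID such as pki_req_ext_oid as a DER OBJECT IDENTIFIER."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or min(arcs) < 0 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID: " + dotted)
    body = bytearray()
    for arc in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]              # base-128, low group first
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(chunk))
    return tlv(0x06, bytes(body))

def decode_bmpstring(data_hex: str) -> str:
    """Check that the value is a well-formed DER BMPString and return its text."""
    raw = bytes.fromhex(data_hex)
    if len(raw) < 2 or raw[0] != 0x1E:
        raise ValueError("value is not a BMPString (tag 0x1E)")
    if raw[1] > 127 or raw[1] != len(raw) - 2 or raw[1] % 2:
        raise ValueError("BMPString length byte does not match the content")
    return raw[2:].decode("utf-16-be")

def build_extension(oid: str, critical: bool, data_hex: str) -> bytes:
    """Extension ::= SEQUENCE { extnID, critical DEFAULT FALSE, extnValue }."""
    parts = encode_oid(oid)
    if critical:                          # DER omits a BOOLEAN equal to its default
        parts += tlv(0x01, b"\xff")
    parts += tlv(0x04, bytes.fromhex(data_hex))
    return tlv(0x30, parts)

if __name__ == "__main__":
    # Default values quoted in the message above.
    oid, critical, data = "1.3.6.1.4.1.311.20.2", False, "1E0A00530075006200430041"
    print("extension value text:", decode_bmpstring(data))
    print("DER extension:", build_extension(oid, critical, data).hex())
```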


