looks good per our discussion over irc.
One little nitpick:

+     * 2.  Gets default.params.signingAlg from profile.
+     *     If entry does not exist, selects first algorithm in allowed algorithm list that matches

How about "If entry does not exist, or contains a "-", selects first ..." ?

Conditional ACK (just fix that little comment then you are good).

thanks,
Christina

On 10/30/2013 01:19 PM, Ade Lee wrote:

The code to select the signing algorithm for the admin cert in a CA
install is broken.  Right now, it will select SHA1 by default.

This patch fixes the broken logic and adds some additional checks.
Please review, 

Ade

_______________________________________________
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel