On 11.7.2011 23:48, Rob Crittenden wrote:
When loading a chained CA from a PKCS#7 or PEM file we used to use very
generic nicknames, sometimes as bad as "Imported CA" in the case of
winsync. This will use the subject of the cert to get the nickname instead.
I also extended the API of some of the x509 functions to optionally take
in the NSS database dir. I had originally used this in the patch but did
it another way but still thought the changes useful.
ticket https://fedorahosted.org/freeipa/ticket/1141
Word of warning, this is going to require a fair bit of testing. The way
to test it is to install with an external CA, then install a replica
with a CA to be sure that works as well. Testing basic installs would be
handy as well.
rob
ACK, everything seems to work fine.
Honza
--
Jan Cholasta
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
