Hi Fraser and list,
I've wrote a (minimal) draft [1] of the test plan for the Sub CAs feature
and I also have several questions.
Could you please take a look at it?
Questions:
As described in the last (currently) test case, should it be possible to
specify
both the CA and certificate profile in cert-request call?
This way one could use (at least) two ACLs (one affiliated with CA, one
with a profile).
Are there such use cases?
Related to this, what happens when CA ACL has specific CA and profile
category (all)?
Applicable to other combinations as well. The ACL category semantics is
a bit unclear for me here.
Is there any validation of the CA's DN (syntax)?
How would you approach testing of the Sub CA certificate renewal and key
replication
(I do not know if this is covered at the respective component's level or
not)?
[1]: http://www.freeipa.org/page/V4/Sub-CAs/Test_Plan
Thanks
--
Milan Kubik
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code