Issue #23200 has been reported by Adrien Thebo. ---------------------------------------- Feature #23200: CSR extension requests should be conditionally copied to signed certificates https://projects.puppetlabs.com/issues/23200
* Author: Adrien Thebo * Status: Accepted * Priority: Normal * Assignee: * Category: * Target version: * Affected Puppet version: * Keywords: * Branch: ---------------------------------------- When the Puppet CA evaluates a CSR, safe extension requests should be copied into the signed certificate. This allows user specified information to be included in the certificate to provide an immutable data source about a given node. Since certificate extensions can have semantic meanings, extension requests should only be copied across if they have been verified as safe. This could take the form of a hardcoded whitelist of OID subtrees, or a user specified list of OIDs to whitelist. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/groups/opt_out.
