Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-06-24 Thread Martin Kosek
On 06/24/2014 11:30 AM, Jan Cholasta wrote: > On 23.6.2014 13:01, Martin Kosek wrote: >> On 06/18/2014 02:09 PM, Jan Cholasta wrote: >> ... >> 3) I am thinking why do we need to introduce all the ASN parsing? I am >> talking >> about _decode_krb5principalname and others. If we do not us

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-06-24 Thread Jan Cholasta
On 23.6.2014 13:01, Martin Kosek wrote: On 06/18/2014 02:09 PM, Jan Cholasta wrote: ... 3) I am thinking why do we need to introduce all the ASN parsing? I am talking about _decode_krb5principalname and others. If we do not use the result anywhere, why should we include this part at all? To wo

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-06-23 Thread Martin Kosek
On 06/18/2014 02:09 PM, Jan Cholasta wrote: ... 3) I am thinking why do we need to introduce all the ASN parsing? I am talking about _decode_krb5principalname and others. If we do not use the result anywhere, why should we include this part at all? >>> >>> To work around shortc

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-06-18 Thread Jan Cholasta
On 16.6.2014 16:08, Martin Kosek wrote: On 06/16/2014 02:57 PM, Jan Cholasta wrote: On 16.6.2014 13:31, Martin Kosek wrote: On 06/11/2014 02:59 PM, Jan Cholasta wrote: On 11.6.2014 13:29, Martin Kosek wrote: On 06/11/2014 10:58 AM, Jan Cholasta wrote: On 10.6.2014 09:55, Martin Kosek wrote:

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-06-16 Thread Martin Kosek
On 06/16/2014 02:57 PM, Jan Cholasta wrote: > On 16.6.2014 13:31, Martin Kosek wrote: >> On 06/11/2014 02:59 PM, Jan Cholasta wrote: >>> On 11.6.2014 13:29, Martin Kosek wrote: On 06/11/2014 10:58 AM, Jan Cholasta wrote: > On 10.6.2014 09:55, Martin Kosek wrote: >> On 06/06/2014 12:50

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-06-16 Thread Jan Cholasta
On 16.6.2014 13:31, Martin Kosek wrote: On 06/11/2014 02:59 PM, Jan Cholasta wrote: On 11.6.2014 13:29, Martin Kosek wrote: On 06/11/2014 10:58 AM, Jan Cholasta wrote: On 10.6.2014 09:55, Martin Kosek wrote: On 06/06/2014 12:50 PM, Jan Cholasta wrote: On 23.1.2014 14:34, Jan Cholasta wrote:

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-06-16 Thread Martin Kosek
On 06/11/2014 02:59 PM, Jan Cholasta wrote: > On 11.6.2014 13:29, Martin Kosek wrote: >> On 06/11/2014 10:58 AM, Jan Cholasta wrote: >>> On 10.6.2014 09:55, Martin Kosek wrote: On 06/06/2014 12:50 PM, Jan Cholasta wrote: > On 23.1.2014 14:34, Jan Cholasta wrote: >> On 22.1.2014 16:43,

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-06-11 Thread Jan Cholasta
On 11.6.2014 13:29, Martin Kosek wrote: On 06/11/2014 10:58 AM, Jan Cholasta wrote: On 10.6.2014 09:55, Martin Kosek wrote: On 06/06/2014 12:50 PM, Jan Cholasta wrote: On 23.1.2014 14:34, Jan Cholasta wrote: On 22.1.2014 16:43, Simo Sorce wrote: On Wed, 2014-01-22 at 16:05 +0100, Jan Cholast

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-06-11 Thread Martin Kosek
On 06/11/2014 10:58 AM, Jan Cholasta wrote: > On 10.6.2014 09:55, Martin Kosek wrote: >> On 06/06/2014 12:50 PM, Jan Cholasta wrote: >>> On 23.1.2014 14:34, Jan Cholasta wrote: On 22.1.2014 16:43, Simo Sorce wrote: > On Wed, 2014-01-22 at 16:05 +0100, Jan Cholasta wrote: >> On 22.1.201

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-06-11 Thread Jan Cholasta
On 10.6.2014 09:55, Martin Kosek wrote: On 06/06/2014 12:50 PM, Jan Cholasta wrote: On 23.1.2014 14:34, Jan Cholasta wrote: On 22.1.2014 16:43, Simo Sorce wrote: On Wed, 2014-01-22 at 16:05 +0100, Jan Cholasta wrote: On 22.1.2014 15:34, Simo Sorce wrote: On Wed, 2014-01-22 at 10:40 +0100, Ja

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-06-10 Thread Martin Kosek
On 06/10/2014 09:55 AM, Martin Kosek wrote: > On 06/06/2014 12:50 PM, Jan Cholasta wrote: ... >> Updated patches attached. >> >> Note that you will need python-nss 0.15 in order to test, you can get a RPM >> for >> Fedora here: . > > Jo

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-06-10 Thread Martin Kosek
On 06/06/2014 12:50 PM, Jan Cholasta wrote: > On 23.1.2014 14:34, Jan Cholasta wrote: >> On 22.1.2014 16:43, Simo Sorce wrote: >>> On Wed, 2014-01-22 at 16:05 +0100, Jan Cholasta wrote: On 22.1.2014 15:34, Simo Sorce wrote: > On Wed, 2014-01-22 at 10:40 +0100, Jan Cholasta wrote: >> On

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-06-06 Thread Jan Cholasta
On 23.1.2014 14:34, Jan Cholasta wrote: On 22.1.2014 16:43, Simo Sorce wrote: On Wed, 2014-01-22 at 16:05 +0100, Jan Cholasta wrote: On 22.1.2014 15:34, Simo Sorce wrote: On Wed, 2014-01-22 at 10:40 +0100, Jan Cholasta wrote: On 21.1.2014 17:12, Simo Sorce wrote: Later in the patch you seem

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-01-23 Thread Jan Cholasta
On 22.1.2014 16:43, Simo Sorce wrote: On Wed, 2014-01-22 at 16:05 +0100, Jan Cholasta wrote: On 22.1.2014 15:34, Simo Sorce wrote: On Wed, 2014-01-22 at 10:40 +0100, Jan Cholasta wrote: On 21.1.2014 17:12, Simo Sorce wrote: Later in the patch you seem to be changing from needing managedby_hos

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-01-22 Thread Simo Sorce
On Wed, 2014-01-22 at 16:05 +0100, Jan Cholasta wrote: > On 22.1.2014 15:34, Simo Sorce wrote: > > On Wed, 2014-01-22 at 10:40 +0100, Jan Cholasta wrote: > >> On 21.1.2014 17:12, Simo Sorce wrote: > >>> On Tue, 2014-01-21 at 14:02 +0100, Jan Cholasta wrote: > +request = None > +

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-01-22 Thread Jan Cholasta
On 22.1.2014 15:34, Simo Sorce wrote: On Wed, 2014-01-22 at 10:40 +0100, Jan Cholasta wrote: On 21.1.2014 17:12, Simo Sorce wrote: On Tue, 2014-01-21 at 14:02 +0100, Jan Cholasta wrote: +request = None +try: +request = pkcs10.load_certificate_request(csr) +

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-01-22 Thread Simo Sorce
On Wed, 2014-01-22 at 10:40 +0100, Jan Cholasta wrote: > On 21.1.2014 17:12, Simo Sorce wrote: > > On Tue, 2014-01-21 at 14:02 +0100, Jan Cholasta wrote: > >> +request = None > >> +try: > >> +request = pkcs10.load_certificate_request(csr) > >> +subject = pkcs

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-01-22 Thread Jan Cholasta
On 21.1.2014 17:12, Simo Sorce wrote: On Tue, 2014-01-21 at 14:02 +0100, Jan Cholasta wrote: +request = None +try: +request = pkcs10.load_certificate_request(csr) +subject = pkcs10.get_subject(request) +subjectaltname = pkcs10.get_subjectaltnam

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-01-21 Thread Simo Sorce
On Tue, 2014-01-21 at 14:02 +0100, Jan Cholasta wrote: > +request = None > +try: > +request = pkcs10.load_certificate_request(csr) > +subject = pkcs10.get_subject(request) > +subjectaltname = pkcs10.get_subjectaltname(request) Will this make the

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-01-21 Thread Jan Cholasta
On 20.1.2014 18:35, Simo Sorce wrote: On Mon, 2014-01-20 at 17:49 +0100, Jan Cholasta wrote: On 20.1.2014 16:36, Simo Sorce wrote: On Mon, 2014-01-20 at 11:07 +0100, Jan Cholasta wrote: On 17.1.2014 11:39, Jan Cholasta wrote: On 10.1.2014 13:34, Martin Kosek wrote: On 01/09/2014 04:49 PM, Si

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-01-20 Thread Simo Sorce
On Mon, 2014-01-20 at 17:49 +0100, Jan Cholasta wrote: > On 20.1.2014 16:36, Simo Sorce wrote: > > On Mon, 2014-01-20 at 11:07 +0100, Jan Cholasta wrote: > >> On 17.1.2014 11:39, Jan Cholasta wrote: > >>> On 10.1.2014 13:34, Martin Kosek wrote: > On 01/09/2014 04:49 PM, Simo Sorce wrote: > >>>

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-01-20 Thread Jan Cholasta
On 20.1.2014 16:36, Simo Sorce wrote: On Mon, 2014-01-20 at 11:07 +0100, Jan Cholasta wrote: On 17.1.2014 11:39, Jan Cholasta wrote: On 10.1.2014 13:34, Martin Kosek wrote: On 01/09/2014 04:49 PM, Simo Sorce wrote: On Thu, 2014-01-09 at 10:44 -0500, Rob Crittenden wrote: Martin Kosek wrote:

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-01-20 Thread Simo Sorce
On Mon, 2014-01-20 at 11:07 +0100, Jan Cholasta wrote: > On 17.1.2014 11:39, Jan Cholasta wrote: > > On 10.1.2014 13:34, Martin Kosek wrote: > >> On 01/09/2014 04:49 PM, Simo Sorce wrote: > >>> On Thu, 2014-01-09 at 10:44 -0500, Rob Crittenden wrote: > Martin Kosek wrote: > > On 01/09/2014

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-01-20 Thread Jan Cholasta
On 17.1.2014 11:39, Jan Cholasta wrote: On 10.1.2014 13:34, Martin Kosek wrote: On 01/09/2014 04:49 PM, Simo Sorce wrote: On Thu, 2014-01-09 at 10:44 -0500, Rob Crittenden wrote: Martin Kosek wrote: On 01/09/2014 03:12 PM, Simo Sorce wrote: Also maybe we should allow admins to bypass the n

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-01-17 Thread Jan Cholasta
On 10.1.2014 13:34, Martin Kosek wrote: On 01/09/2014 04:49 PM, Simo Sorce wrote: On Thu, 2014-01-09 at 10:44 -0500, Rob Crittenden wrote: Martin Kosek wrote: On 01/09/2014 03:12 PM, Simo Sorce wrote: Also maybe we should allow admins to bypass the need to have an actual object to represent

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-01-10 Thread Simo Sorce
On Fri, 2014-01-10 at 13:29 +0100, Martin Kosek wrote: > On 01/09/2014 03:37 PM, Simo Sorce wrote: > > On Thu, 2014-01-09 at 15:27 +0100, Martin Kosek wrote: > >> On 01/09/2014 03:12 PM, Simo Sorce wrote: > >>> On Thu, 2014-01-09 at 09:04 -0500, Simo Sorce wrote: > On Thu, 2014-01-09 at 09:51

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-01-10 Thread Rob Crittenden
Simo Sorce wrote: On Thu, 2014-01-09 at 10:44 -0500, Rob Crittenden wrote: Martin Kosek wrote: On 01/09/2014 03:12 PM, Simo Sorce wrote: Also maybe we should allow admins to bypass the need to have an actual object to represent the alt name ? I'd rather not. This would allow a rogue admin

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-01-10 Thread Martin Kosek
On 01/09/2014 04:49 PM, Simo Sorce wrote: > On Thu, 2014-01-09 at 10:44 -0500, Rob Crittenden wrote: >> Martin Kosek wrote: >>> On 01/09/2014 03:12 PM, Simo Sorce wrote: > > Also maybe we should allow admins to bypass the need to have an actual > object to represent the alt name ? >> >> I'

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-01-10 Thread Martin Kosek
On 01/09/2014 03:37 PM, Simo Sorce wrote: > On Thu, 2014-01-09 at 15:27 +0100, Martin Kosek wrote: >> On 01/09/2014 03:12 PM, Simo Sorce wrote: >>> On Thu, 2014-01-09 at 09:04 -0500, Simo Sorce wrote: On Thu, 2014-01-09 at 09:51 +0100, Martin Kosek wrote: > On 01/09/2014 12:26 AM, Simo Sor

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-01-09 Thread Simo Sorce
On Thu, 2014-01-09 at 10:44 -0500, Rob Crittenden wrote: > Martin Kosek wrote: > > On 01/09/2014 03:12 PM, Simo Sorce wrote: > >>> Also maybe we should allow admins to bypass the need to have an actual > >>> object to represent the alt name ? > > I'd rather not. This would allow a rogue admin to

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-01-09 Thread Rob Crittenden
Martin Kosek wrote: On 01/09/2014 03:12 PM, Simo Sorce wrote: On Thu, 2014-01-09 at 09:04 -0500, Simo Sorce wrote: On Thu, 2014-01-09 at 09:51 +0100, Martin Kosek wrote: On 01/09/2014 12:26 AM, Simo Sorce wrote: On Thu, 2013-12-05 at 14:37 +0100, Jan Cholasta wrote: Hi, the attached patch f

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-01-09 Thread Simo Sorce
On Thu, 2014-01-09 at 15:27 +0100, Martin Kosek wrote: > On 01/09/2014 03:12 PM, Simo Sorce wrote: > > On Thu, 2014-01-09 at 09:04 -0500, Simo Sorce wrote: > >> On Thu, 2014-01-09 at 09:51 +0100, Martin Kosek wrote: > >>> On 01/09/2014 12:26 AM, Simo Sorce wrote: > On Thu, 2013-12-05 at 14:37

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-01-09 Thread Martin Kosek
On 01/09/2014 03:12 PM, Simo Sorce wrote: > On Thu, 2014-01-09 at 09:04 -0500, Simo Sorce wrote: >> On Thu, 2014-01-09 at 09:51 +0100, Martin Kosek wrote: >>> On 01/09/2014 12:26 AM, Simo Sorce wrote: On Thu, 2013-12-05 at 14:37 +0100, Jan Cholasta wrote: > Hi, > > the attached pat

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-01-09 Thread Simo Sorce
On Thu, 2014-01-09 at 09:04 -0500, Simo Sorce wrote: > On Thu, 2014-01-09 at 09:51 +0100, Martin Kosek wrote: > > On 01/09/2014 12:26 AM, Simo Sorce wrote: > > > On Thu, 2013-12-05 at 14:37 +0100, Jan Cholasta wrote: > > >> Hi, > > >> > > >> the attached patch fixes

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-01-09 Thread Simo Sorce
On Thu, 2014-01-09 at 09:51 +0100, Martin Kosek wrote: > On 01/09/2014 12:26 AM, Simo Sorce wrote: > > On Thu, 2013-12-05 at 14:37 +0100, Jan Cholasta wrote: > >> Hi, > >> > >> the attached patch fixes . > > > > See the additional comments on 3977, I t

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-01-09 Thread Martin Kosek
On 01/09/2014 12:26 AM, Simo Sorce wrote: > On Thu, 2013-12-05 at 14:37 +0100, Jan Cholasta wrote: >> Hi, >> >> the attached patch fixes . > > See the additional comments on 3977, I think this patch should be NACKed > with extreme prejudice if it allow

Re: [Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2014-01-08 Thread Simo Sorce
On Thu, 2013-12-05 at 14:37 +0100, Jan Cholasta wrote: > Hi, > > the attached patch fixes . See the additional comments on 3977, I think this patch should be NACKed with extreme prejudice if it allows setting arbitrary subjectAltNames. Simo. -- Sim

[Freeipa-devel] [PATCH] 210 Allow SAN in IPA certificate profile

2013-12-05 Thread Jan Cholasta
Hi, the attached patch fixes . Honza -- Jan Cholasta From 101547fae92dfa6dea0db34f68cb855f471af54d Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Thu, 5 Dec 2013 14:34:14 +0100 Subject: [PATCH] Allow SAN in IPA certificate profile. https://fed