New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cert module fixes #55
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a minor enhancement request. Everything else is good. ACK.
# audit and CA certs require special flags set in NSSDB | ||
# TODO: When CA renewal is added, add the corresponding trust attrs for CA | ||
trust_attributes = None | ||
if cert_tag == 'audit_signing': |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's add another case for cert_id == 'ca_signing' although we may not support renewing CA signing cert right now. The flag should be "CT,C,C". The "u" flag will automatically be added by NSS if the cert has a corresponding key in the database.
# TODO: When CA renewal is added, add the corresponding trust attrs for CA | ||
trust_attributes = None | ||
if cert_tag == 'audit_signing': | ||
trust_attributes = 'u,u,Pu' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's change it to ",,P". The "u" flag will automatically be added by NSS if the cert has a corresponding key in the database.
8190e6b
to
b85d2df
Compare
`pki-server cert-create --serial <serial>` option now accepts both hex and int. This patch syncs up with other modules on processing the user provided --serial option Ticket: https://pagure.io/dogtagpki/issue/3067 Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
The audit_signing and ca_signing require special flags to be set in nssdb to render it useful. This patch fixes this issue. Ticket: https://pagure.io/dogtagpki/issue/3066 Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
b85d2df
to
3adba35
Compare
Fixes: