On 05/03/2010 01:23 PM, Rob Crittenden wrote:
Marc Schlinger wrote:
p.s: I really had problems without the ia5string stuff. I'm not crazy!
am I?
I don't think so, I just didn't run into it myself. It could be because
you use openssl to create the CSR and I used the NSS tools. Or it could
be because your locale is different, or the phase of the moon, who knows
:-) The pyasn1 guys have a code comment questioning why ia5string is
needed as well: # hm, this should not be here!? XXX If we're going to
get requests with ia5strings I'm ok with adding support to the parser.
The reason I asked for the cert sample was so I would be able to test
the fix end-to-end, and perhaps incorporate it into our test suite.
I would hold off making any fixes to the parser you wrote. I've got an
update to python-nss coming soon which fully supports certificate
loading, decoding and inspection using NSS entry points. It properly (or
so I hope) handles all the variants (which are numerous) including
ia5string.
We should converge on using NSS for everything, the update will get us a
lot closer to that goal.
--
John Dennis <[email protected]>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
