#57 koji-ssl-admin: add uid attribute to user certificates
Merged 3 years ago by tkopecek. Opened 3 years ago by ktdreyer.
ktdreyer/koji-tools user-uid  into  master

file modified
+2 -1
@@ -143,9 +143,10 @@ 

      if os.path.exists(path) and not force:

          raise OSError(errno.EEXIST, os.strerror(errno.EEXIST), path)

      builder = x509.CertificateSigningRequestBuilder()

-     # Build the basic cert with the simple common name:

+     # Build the basic cert with the "common name" and "uid" attributes:

      subject_name = x509.Name([

          x509.NameAttribute(NameOID.COMMON_NAME, username),

+         x509.NameAttribute(NameOID.USER_ID, username),

      ])

      builder = builder.subject_name(subject_name)

      # This is not a CA:
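
Review bot: In the `x509.Name([...])` list, `username` is now written into both `NameOID.COMMON_NAME` and `NameOID.USER_ID`, and this hunk shows no check that it is a non-empty, simple username before it becomes the value an authenticating service may map to an account. Consider validating it once before building `subject_name`, and adding a test that asserts the generated subject carries both attributes with the same value. The updated comment still says "basic cert" although the builder is `x509.CertificateSigningRequestBuilder()`, so "CSR subject" would be more accurate. The tool's help text or README should also note that user certificates now include UID, so administrators know that either component can be used for DNUsernameComponent.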

Generate user certificates with a "UID" attribute in the subject field.

For now, Koji's instructions tell users to configure DNUsernameComponent = CN. Eventually we may want to switch "CN" over to "UID". Some certificate authorities do not set the "CN" attribute to a simple username. For example, Red Hat Certificate Server sets "CN" to "Ken Dreyer kdreyer", and "UID" to "kdreyer".

As a first step, set both "CN" and "UID" attributes to the same value.

I think we've been running Brew with DNUsernameComponent = UID for a while now.

Commit d76dabf fixes this pull-request

Pull-Request has been merged by tkopecek

3 years ago
