From ab1667f3c1607a22c6df49ceba58274347bc5826 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Tue, 24 Nov 2009 16:07:44 -0500 Subject: Use pyasn1-based PKCS#10 and X509v3 parsers instead of pyOpenSSL. The pyOpenSSL PKCS#10 parser doesn't support attributes so we can't identify requests with subject alt names. Subject alt names are only allowed if: - the host for the alt name exists in IPA - if binding as host principal, the host is in the services managedBy attr --- tests/test_pkcs10/test2.csr | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 tests/test_pkcs10/test2.csr (limited to 'tests/test_pkcs10/test2.csr') diff --git a/tests/test_pkcs10/test2.csr b/tests/test_pkcs10/test2.csr new file mode 100644 index 000000000..ccc47f890 --- /dev/null +++ b/tests/test_pkcs10/test2.csr @@ -0,0 +1,15 @@ +-----BEGIN NEW CERTIFICATE REQUEST----- +MIICETCCAXoCAQAwTzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx +EDAOBgNVBAoTB0V4YW1wbGUxGTAXBgNVBAMTEHRlc3QuZXhhbXBsZS5jb20wgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOXfP8LeiU7g6wLCclgkT1lVskK+Lxm1 +6ijE4LmEQBk5nn2P46im+E/UOgTddbDo5cdJlkoCnqXkO4RkqJckXYDxfI34KL3C +CRFPvOa5Sg02m1x5Rg3boZfS6NciP62lRp0SI+0TCt3F16wYZxMahVIOXjbJ6Lu5 +mGjNn7XaWJhFAgMBAAGggYEwfwYJKoZIhvcNAQkOMXIwcDAeBgNVHREEFzAVghN0 +ZXN0bG93LmV4YW1wbGUuY29tME4GA1UdHwRHMEUwQ6BBoD+GHGh0dHA6Ly9jYS5l +eGFtcGxlLmNvbS9teS5jcmyGH2h0dHA6Ly9vdGhlci5leGFtcGxlLmNvbS9teS5j +cmwwDQYJKoZIhvcNAQEFBQADgYEAkv8pppcgGhX7erJmvg9r2UHrRriuKaOYgKZQ +lf/eBt2N0L2mV4QvCY82H7HWuE+7T3mra9ikfvz0nYkPJQe2gntjZzECE0Jt5LWR +UZOFwX8N6wrX11U2xu0NlvsbjU6siWd6OZjZ1p5/V330lzut/q3CNzaAcW1Fx3wL +sV5SXSw= +-----END NEW CERTIFICATE REQUEST----- + -- cgit