Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-1307

Clojure CA should refuse to sign any CSRs with authorized extensions

    XMLWordPrintable

Details

    • New Feature
    • Status: Closed
    • Normal
    • Resolution: Fixed
    • None
    • SERVER 2.5.0
    • None
    • None
    • 3
    • Server Jade 2016-06-01, Server Jade 2016-06-29, Server Jade 2016-07-13, Server Jade 2016-07-27
    • Not Needed

    Description

      In Scope

      • Update the Clojure CA to reject any CSR with x.509 extensions under the new puppet.1.3 OID arc. This should mirror the handling of CSRs with subjectAlternativeNames, see ensure-no-dns-alt-names! in the puppetserver codebase.

      Out of Scope

      • Doing anything with the CSRs besides rejecting them

      Attachments

        Issue Links

          Activity

            People

              erik Erik Dasher
              nathaniel Nathaniel Smith
              Erik Dasher Erik Dasher
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support