From 668a1b657fc32f50d92e2a520e473d5bfa5338b7 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Feb 24 2014 14:18:52 +0000 Subject: Note plans for validating requested-profile --- diff --git a/doc/submit.txt b/doc/submit.txt index e970b0c..3263a0b 100644 --- a/doc/submit.txt +++ b/doc/submit.txt @@ -81,6 +81,25 @@ Operations to be added (tentative): property. * This will let us push lack-of-required-input all the way back from the CA helper to the getcert client. + * Invoked with "GET-SUPPORTED-TEMPLATES" as the value of the + $CERTMONGER_OPERATION environment variable: + * Output list of templates/profiles/certtypes which the server claims + to be able to issue. + * Poll for this at startup, translate the result back into an + attribute list, and store it in the CA entry, exposed as a list + property. + * This will let us push lack-of-required-input all the way back + from the CA helper to the getcert client. + * Invoked with "GET-DEFAULT-TEMPLATES" as the value of the + $CERTMONGER_OPERATION environment variable: + * Output a single template/profile/certtype which the server claims + to be able to issue, which we'll assign to new requests if there's + no value to be recovered from an already-issued certificate and + none is specified on the command line. + * Poll for this at startup, store it in the CA entry, exposed as a + string property. + * This will let us avoid breaking scripts that don't expect us + to be requiring a template name. For testing purposes, a helper can be added by creating a file in the CAs directory (usually /var/lib/certmonger/cas) with these contents:
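Review bot: In the new "GET-SUPPORTED-TEMPLATES" entry, the last two bullets read as if copied from the preceding entry and do not describe the validation that the subject line promises. "translate the result back into an attribute list" and "push lack-of-required-input all the way back from the CA helper to the getcert client" are about missing input, not about rejecting a requested profile that the CA does not offer. Suggest rewording them to say that the stored list is used to check the requested template/profile/certtype, and to state what happens when the requested value is not in the list. Because the list is only what the server "claims to be able to issue", the text should also say whether a mismatch is a hard failure on the client or only a warning, with the CA's answer at submit time remaining the deciding one. Two smaller points: "GET-DEFAULT-TEMPLATES" is plural but is documented as outputting "a single template/profile/certtype", so either rename it or explain the plural. Neither new entry specifies the output format (for example, one name per line) or what a helper that does not implement the operation should do.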