URL:
https://github.com/freeipa/freeipa/pull/5495
Author: tiran
Title: #5495: Ensure that KDC cert has SAN DNS entry
Action: opened
PR body:
"""
The dns parameter of request_and_wait_for_cert() must be a string of
hostnames.
* Enforce list/tuple type so that API misuse no longer passes silently.
* Add commonNameToSANDefaultImpl to KDCs_PKINIT_Certs profile
* Explicitly pass hostname for service certs
Fixes:
https://pagure.io/freeipa/issue/8685
Signed-off-by: Christian Heimes <cheimes(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa
https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5495/head:pr5495
git checkout pr5495