[PATCH] 416 Fixed issuedOn parameters for cert-find.
by Endi Sukma Dewata
The CertSearchRequest has been modified to fix the infinite loop
in getIssuedOnTo(). The CertFindCLI has been modified to accept
dates with format YYYY-MM-DD instead of epoch time.
Ticket #416
--
Endi S. Dewata
12 years, 2 months
[PATCH] 187 Fixed default security domain user.
by Endi Sukma Dewata
The deployment code has been modified such that if the security
domain user is not specified it will use the CA admin uid, or
Common uid, if it is defined. Otherwise it will use the default
"caadmin".
Ticket #399
--
Endi S. Dewata
12 years, 2 months
Best practice for cert chains
by Rob Crittenden
I need some help with best practice for a subordinate CA and
distributing the CA certificate(s).
If I have a root cert A, which issues a subordinate CA B, what does an
SSL client need to trust in order to communicate with a server
certificate issued by B? Does it only need to know about and trust B or
does it need to know and trust A as well?
I ask because I see different behavior in testing ldapsearch in RHEL-5
(OpenSSL) and RHEL-6 (NSS).
RHEL-5 requires the entire cert chain; RHEL-6 requires just the leaf.
Currently IPA only distributes the IPA CA, not the rest of the chain.
The answer will impact a CVE we're working on, so our need is urgent and
the word is mum.
thanks
rob
12 years, 2 months
[PATCH] 92 - misc changes to get rhel 7 build to work
by Ade Lee
Misc changes to get rhel 7 build to work
1. Modified cmake dependency
2. Corrected conditionals in spec file
3. Added paths for resteasy-base
4. Added paths to policy for resteasy-base
Please review.
Ade
12 years, 3 months
problems installing dogtag in RHEL-7
by Rob Crittenden
I started trying to get ipa 3.x working in RHEL 7 tonight. Better late
than never...
pki-core isn't installable because it is still v9 and conflicts with
selinux-policy, but that isn't the reason for this e-mail.
This is a heads-up. I wanted to let you know that I had a heck of a time
trying to get the java dependencies resolved. I'm not sure if it is
because I threw my repos together in a slap-dash way or what, but all
file-based dependencies failed (velocity, for example).
I also had to force java to be installed. It kept trying to install
java-gcj and failing in some odd ways.
I finally got all the dependencies installed with:
# yum -y install java
# yum -y install velocity
# yum -y install ldapjdk
I doubt this is a problem with your dependencies, but wanted to give you
a heads-up because I gather you haven't started the pkgwrangler imports yet.
rob
12 years, 3 months
[PATCH] fix dogtag build for new cmake
by Ade Lee
New build of cmake is about to break us. The following patches address
that. Also updated some of the spec files to support F17+ and RHEL7+.
Note: after this change, developers using f17 will need to install cmake
2.8.10.1-1 from the f18 repo.
Please review.
Ade
12 years, 3 months