November 2012 - Pki-devel - Dogtag Pki List Archives

[PATCH] 416 Fixed issuedOn parameters for cert-find.

by Endi Sukma Dewata

The CertSearchRequest has been modified to fix the infinite loop in getIssuedOnTo(). The CertFindCLI has been modified to accept dates with format YYYY-MM-DD instead of epoch time. Ticket #416 -- Endi S. Dewata

11 years, 4 months

2
2
0 / 0

[PATCH] 187 Fixed default security domain user.

by Endi Sukma Dewata

The deployment code has been modified such that if the security domain user is not specified it will use the CA admin uid, or Common uid, if it is defined. Otherwise it will use the default "caadmin". Ticket #399 -- Endi S. Dewata

11 years, 4 months

2
2
0 / 0

[PATCH] 186 Refactored pkiparser.py into PKIConfigParser.

by Endi Sukma Dewata

The code in pkiparser.py has been converted into PKIConfigParser class to facilitate further improvements. Ticket #399 -- Endi S. Dewata

11 years, 4 months

2
2
0 / 0

[PATCH] 185 Removed remaining respawn code.

by Endi Sukma Dewata

The remaining codes, parameters, and messages related to respawn have been removed. Ticket #412 -- Endi S. Dewata

11 years, 4 months

3
2
0 / 0

Best practice for cert chains

by Rob Crittenden

I need some help with best practice for a subordinate CA and distributing the CA certificate(s). If I have a root cert A, which issues a subordinate CA B, what does an SSL client need to trust in order to communicate with a server certificate issued by B? Does it only need to know about and trust B or does it need to know and trust A as well? I ask because I see different behavior in testing ldapsearch in RHEL-5 (openSSL) and RHEL-6 (NSS). RHEL-5 requires the entire cert chain, RHEL-6 requires just the leaf. Currently IPA only distributes the IPA CA, not the rest of the chain. The answer will impact a CVE we're working on, so our need is urgent and the word is mum. thanks rob

11 years, 4 months

2
1
0 / 0

[PATCH] 34 Fix for ticket 191 - Mapping the restexception to the correct http status codes

by Abhishek Koneru

Please review the patch for ticket 191 for Dogtag 10.0.1 --Abhishek

11 years, 4 months

1
0
0 / 0

[PATCH] 92 - misc changes to get rhel 7 build to work

by Ade Lee

Misc changes to get rhel 7 build to work 1. Modified cmake dependency 2. Corrected conditionals in spec file 3. Added paths for resteasy-base 4. Added paths to policy for resteasy-base Please review. Ade

11 years, 4 months

1
1
0 / 0

problems installing dogtag in RHEL-7

by Rob Crittenden

I started trying to get ipa 3.x working in RHEL 7 tonight. Better late than never... pki-core isn't installable because it is still v9 and conflicts with selinux-policy, but that isn't the reason for this e-mail. This is a heads-up. I wanted to let you know that I had a heck of a time trying to get the java dependencies resolved. I'm not sure if it is because I threw my repos together in a slap-dash way or what, but all file-based dependencies failed (velocity, for example). I also had to force java to be installed. It kept trying to install java-gcj and failing in some odd ways. I finally got all the dependencies installed with: # yum -y install java # yum -y install velocity # yum -y install ldapjdk I doubt this is a problem with your dependencies, but wanted to give you a heads-up because I gather you haven't started the pkgwrangler imports yet. rob

11 years, 4 months

1
0
0 / 0

[PATCH] 91 - link to resteasy-base on rhel systems

by Ade Lee

Please review. I am pushing to master to try move things forward in RHEL 7 builds. Ade

11 years, 4 months

1
0
0 / 0

[PATCH] fix dogtag build for new cmake

by Ade Lee

New build of cmake is about to break us. The following patches address that. Also updated some of the spec files to support F17+ and RHEL7+. Note: after this change, developers using f17 will need to install cmake 2.8.10.1-1 from the f18 repo. Please review. Ade

11 years, 4 months

1
1
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Pki-devel November 2012