This is a pretty big change, but we want to get it into 10.0.2 so that
we can eliminate our dependency on jython.
So far, it's been tested against a straight CA install. I plan to
continue testing against other configurations, but as the code change is
quite large, I want to start the review early.
By default Tomcat relies on /dev/random as a random number generator
to generate the session IDs. Under certain conditions /dev/random
may block, which will block Tomcat as well. To solve the problem all
webapps in Tomcat have been configured to use the random number
generator provided by JSS.
Tested with IPA. Migration script will be added in a separate patch.
Endi S. Dewata
The Python REST client has been modified to parse JSON data using a
method that is compatible with python-requests 1.1. The RPM spec file
has been modified to require python-requests 1.1 package.
Endi S. Dewata
In Fedora 16, 17, and 18, JNI jar files were required to be located
under architecture-specific locations (e.g. - /usr/lib/java and
These rules were re-defined in
as the JNI packaging rules were changed
in Fedora 19 (and RHEL 7) back to the JNI rules that existed for Fedora
15 (e.g. - all JNI jar files will be located under /usr/lib/java).
Please review the attached patches which fix pki-core to comply with
these rules (on Fedora 19 and later):
* *Bugzilla Bug #919476*
crashes due to dangling symlink to jss4.jar
This first patch is in addition to the previously checked-in code to
allow it to work on platforms >= Fedora 19.
The second patch is specifically for Koji builds of Fedora 19.
The third patch is the spec file used for the Koji build of Fedora 19.
This sounds great!
We would greatly appreciate it if you could do one of the following
(whichever is easier):
* Log in with your Fedora account and file individual TRAC tickets at
https://fedorahosted.org/pki/newticket for each of these issues
(attaching a patch if you have them), or
* File individual Bugzilla Bugs for each of these issues (attaching a
patch to the bug if you have them).
On 03/08/13 00:19, Alexander Jung wrote:
> I did not realize I had been accepted to that group.
> We (mostly me, but some colleagues too) have developed some fixes for
> problems we encountered with the dogtag CA.
> The problems we fixed are:
> - problems when having more than 2 million certs in the ldap
> - flatfileauth does not honor the ValueNames configured
> - scep does not work against Cisco with CA key in hsm
> We developed quite a few extensions, some of them are not specific to
> our company:
> - Validity: make certificates expire on tue, wed, thr at 15:00 only
> and not during change of year and month.
> - SubjectAlternativeNames: fill the dns reverse lookup into the SAN
> field, to make a server cert work with all the dns names the machine
> is configured for.
> I could open bugs and attach patches or commit directly, when you allow me to.
> Alexander Jung
> 2013/3/7 <accounts(a)fedoraproject.org>:
>> mharmsen <mharmsen(a)redhat.com> has removed you from the 'svnpki'
>> group of the Fedora Accounts System. This change is effective
>> immediately for new operations, and should propagate into the e-mail
>> aliases within an hour.