[PATCH] pki-cfu-0037-ticket-1110-pkispawn-configuration-does-not-provide-.patch
by Christina Fu
This patch is for ticket:
https://fedorahosted.org/pki/ticket/1110 - pkispawn (configuration) does
not provide CA extensions in subordinate certificate signing requests (CSR)
It was agreed upon that this patch just needs to provide the bare
essential to do the job without anything fancy.
As a result, four new pkispawn configuration parameters are introduced
with the following default:
pki_req_ext_add=False
pki_req_ext_oid=1.3.6.1.4.1.311.20.2
pki_req_ext_critical=False
pki_req_ext_data=1E0A00530075006200430041
where pki_req_ext_add controls whether this extra request extension is
to be added or not to the csr of a CA signing cert (by default it's
False). It is available only for the "external CA" case, and only one
such extension can be added.
There is a potential that in the future we could make this extension
available for all cert requests and in multiple. However, it is not a
goal at this time for the purpose of this patch. When the need arises,
we will file a separate ticket for it.
Thanks,
Christina
9 years, 7 months
[pki-devel][PATCH] 0022-Provide-standalone-Pin-Reset-Processor.patch
by John Magne
Author: Jack Magne <jmagne(a)dhcp-16-213.sjc.redhat.com>
Date: Thu Sep 18 17:11:07 2014 -0700
Provide standalone Pin Reset Processor.
Now an enrolled token can have its pin changed with esc without doing another enrollment.
Simply select "Reset Password" in esc, when using an enrolled token.
Tested to work.
9 years, 7 months
[PATCH] move web application context file in 10.1
by Ade Lee
Now that we've added the latest tomcat to rhel 7.1, we need to back port
the fix to ticket 499 to get things working again.
The first two patches are simply cherry-picks of the existing patches in
10.2. No changes have been made. I'm attaching for reference only.
The last patch does two things:
1. changes the migration script to make it idempotent.
2. move the migration script to 10.1.1 folder
3. change the version to 10.1.2 so that the migration script is
guaranteed to run for those who have a version of 10.1.1.
Please review,
Ade
9 years, 7 months
[PATCH] 235 - add migration script to master
by Ade Lee
Just basic cleanup.
The 01-MoveWebApplicationContextFile migration script has been added to
10.1 branch and so needs to be added here to be consistent. Also, the
script needs to be made idempotent as it can potentially run twice.
Please review,
Ade
9 years, 7 months
[PATCH] 527 Added option to import client cert from CA.
by Endi Sukma Dewata
A new option has been added to the client-cert-import command to
import a certificate from CA by specifying the serial number.
The client-cert-import has also been modified to get the nickname
of the certificate to import from the CLI argument. For backward
compatibility, if no argument is specified the CLI will try to
get the nickname from the authentication option (-n).
Ticket #1152
--
Endi S. Dewata
9 years, 7 months
[PATCH] 524 Added client-cert-request CLI.
by Endi Sukma Dewata
A new CLI has been added to simplify the process to request
a user certificate for client certificate authentication.
Ticket #1148
--
Endi S. Dewata
9 years, 7 months
REVISED PKI GIT REPOSITORY BRANCH NAMES
by Matthew Harmsen
Everyone,
After numerous discussions, I have renamed the PKI git repository
branches following our new naming conventions.
The table below identifies the original branch name and its new branch name.
Some original branch names were left unchanged.
Some other original branches were deleted, and thus have no new branch name.
Finally, the new branch entitled 'DOGTAG_10_2_RHEL_BRANCH' was created
from the '7cf3bd73a7c41d8633fb2a92053a55e0e36a4925' hash checked in to
the 'master' branch.
I have included an example of how to sync an existing checked out
repository with the original name to the revised name in the current
repository.
-- Matt
==================================================================================================
ORIGINAL BRANCH NAME NEW BRANCH NAME
==================================================================================================
remotes/origin/DOGTAG_10_0_BRANCH ==> remotes/origin/DOGTAG_10_0_BRANCH
remotes/origin/IPA_V3_RHEL_7_ERRATA_BRANCH ==>
remotes/origin/DOGTAG_10_0_RHEL_BRANCH
remotes/origin/DOGTAG_10_1_BRANCH ==> remotes/origin/DOGTAG_10_1_BRANCH
remotes/origin/IPA_V4_RHEL_7_1_ERRATA_BRANCH ==>
remotes/origin/DOGTAG_10_1_RHEL_BRANCH
'master' 7cf3bd73a7c41d8633fb2a92053a55e0e36a4925==>
remotes/origin/DOGTAG_10_2_RHEL_BRANCH
remotes/origin/DOGTAG_9_BRANCH ==> remotes/origin/DOGTAG_9_0_BRANCH
remotes/origin/IPA_v2_RHEL_6_ERRATA_BRANCH
==>remotes/origin/DOGTAG_9_0_RHEL_BRANCH
**remotes/origin/RHEL_7_0_BRANCH ==>
remotes/origin/RHEL_7_BRANCH ==>
remotes/origin/autoformat ==>
remotes/origin/autoformat2 ==>
remotes/origin/HEAD -> origin/master ==>
remotes/origin/HEAD -> origin/master
remotes/origin/master ==> remotes/origin/master
==================================================================================================
===========================================================================
EXAMPLE OF UPDATING AN EXISTING BRANCH THAT HAS BEEN PREVIOUSLY CHECKED OUT
===========================================================================
(1) Identify the local branch
# git branch
IPA_V3_RHEL_7_ERRATA_BRANCH
(2) Rename the local branch
# git branch -m IPA_V3_RHEL_7_ERRATA_BRANCH DOGTAG_10_0_RHEL_BRANCH
(3) Identify the local branch
# git branch
DOGTAG_10_0_RHEL_BRANCH
(4) Attempt to update the local branch from the remote branch
# git pull
. . .
Your configuration specifies to merge with the ref
'IPA_V3_RHEL_7_ERRATA_BRANCH'
from the remote, but no such ref was fetched.
(5) Setup remote upstream tracking on the branch you just renamed
# git branch -u origin/DOGTAG_10_0_RHEL_BRANCH
Branch DOGTAG_10_0_RHEL_BRANCH set up to track remote branch
DOGTAG_10_0_RHEL_BRANCH from origin.
(6) Attempt to update the local branch from the remote branch
# git pull
Already up-to-date.
===========================================================================
9 years, 7 months