[pki-devel][PATCH] 0025-NISTSP8000-feature.patch
by John Magne
NISTSP8000 feature.
Implementation of the nistSP800 derivation feature.
Works for both supported scp01 cards and scp02 cards.
During the various session key and key upgrade functions, the nist derivation code is being called.
Tested with gemalto 64k for scp01 and sc650 for scp02.
Tested symmetric key changeover for both tokens.
Logs verified the nist functions being called for derivation instead of the current calls.
9 years, 10 months
[PATCH] Allow use of secure LDAPS connection
by Matthew Harmsen
Please review the attached patch which addresses the following issue:
* PKI TRAC Ticket #1144 - pkispawn needs option to specify ca cert for ldap <https://fedorahosted.org/pki/ticket/1144>
Using my Fedora 21 laptop, I was able to successfully install and
configure a Directory Server to use LDAPS (documented procedure in
attached 'pkispawn' man page), and was able to use the exported
Directory Server CA certificate to successfully install and configure a
CA using this CA certificate in conjunction with the secure Directory
Server.
I verified that the two servers were speaking TLS by checking
/var/log/dirsrv/slapd-pki/access:
* TLS1.2 128-bit AES-GCM
Additionally, I successfully installed an OCSP subsystem into this
shared PKI instance.
For the CA, I successfully tested both non-interactive as well as
interactive modes of pkispawn.
Thanks,
-- Matt
9 years, 10 months