March 2015 - Pki-devel - Dogtag Pki List Archives

[PATCH] 0030 Add pkispawn config option for ldap profiles

by Fraser Tweedale

This patch introduces a pkispawn config option to specify whether to use file-based or LDAP profiles. File-based profiles (the existing behaviour) are the default.

10 years, 2 months

2
2
0 / 0

Karma Request for Dogtag 10.2.2 in Fedora 22

by Matthew Harmsen

Everyone, Please provide Karma for the following Dogtag 10.2.2 packages for Fedora 22: * dogtag-pki-theme-10.2.2-1.fc22 <https://admin.fedoraproject.org/updates/dogtag-pki-theme-10.2.2-1.fc22> * pki-core-10.2.2-1.fc22 <https://admin.fedoraproject.org/updates/pki-core-10.2.2-1.fc22> * pki-console-10.2.2-1.fc22 <https://admin.fedoraproject.org/updates/pki-console-10.2.2-1.fc22> * dogtag-pki-10.2.2-1.fc22 <https://admin.fedoraproject.org/updates/dogtag-pki-10.2.2-1.fc22> Thanks, -- Matt

10 years, 3 months

1
0
0 / 0

[pki-devel][PATCH] 0025-NISTSP8000-feature.patch

by John Magne

NISTSP8000 feature. Implementation of the nistSP800 dervication feature. Works for both supported scp01 cards and scp02 cards. During the various session key and key upgrade functions, the nist derivation code is being called. Tested with gemalto 64k for scp01 and sc650 for scp02. Tested symmetric key changeover for both tokens. Logs verified the nist functions being called for derivation instead of the current calls.

10 years, 3 months

1
2
0 / 0

[PATCH] 0027..0029 support external authorization LDAP server

by Fraser Tweedale

These patches resolve https://fedorahosted.org/pki/ticket/1174 Regards, Fraser

10 years, 3 months

3
9
0 / 0

[PATCH] Allow use of secure LDAPS connection

by Matthew Harmsen

Please review the attached patch which addresses the following issue: * PKI TRAC Ticket #1144 - pkispawn needs option to specify ca cert for ldap <https://fedorahosted.org/pki/ticket/1144> Using my Fedora 21 laptop, I was able to successfully install and configure a Directory Server to use LDAPS (documented procedure in attached 'pkispawn' man page), and was able to use the exported Directory Server CA certificate to successfully install and configure a CA using this CA certificate in conjunction with the secure Directory Server. I verified that the two servers were speaking TLS by checking /var/log/dirsrv/slapd-pki/access: * TLS1.2 128-bit AES-GCM Additionally, I successfully installed an OCSP subsystem into this shared PKI instance. For the CA, I successfully tested both non-interactive as well as interactive modes of pkispawn. Thanks, -- Matt

10 years, 3 months

2
1
0 / 0

[PATCH] Patch for /tmp/file vulnerabilities

by Matthew Harmsen

Please review the attached patch which addresses the following: * Bugzilla Bug #1183176 - (CVE-2015-0234) CVE-2015-0234 pki-core 10.x: multiple /tmp/ file vulnerabilities <https://bugzilla.redhat.com/show_bug.cgi?id=1183176> * Bugzilla Bug #1183178 - CVE-2015-0234 pki-core: pki-core 10.x: multiple /tmp/ file vulnerabilities [fedora-all] <https://bugzilla.redhat.com/show_bug.cgi?id=1183178> The attached patch was tested using the Dogtag 10.2.2 source code on the 'master' branch as of 02/27/2015. It was successfully tested for a shared instance CA, KRA, OCSP, TKS, and TPS including successfully running the 'tpsclient' tool.

10 years, 3 months

2
1
0 / 0

Karma request for Dogtag 10.2.1 PKI packages in Fedora 21 . . .

by Matthew Harmsen

Everyone, Per the following ticket, it was determined that we would backport Dogtag 10.2.1 (previously only available in Fedora 22) back to Fedora 21: * *PKI TRAC Ticket #1287 - Consider backporting Dogtag 10.2.1 to Fedora 21 <https://fedorahosted.org/pki/ticket/1287>* Please provide Karma for the following packages: * *Fedora 21:* o *dogtag-pki-theme-10.2.1-1.fc21 <https://admin.fedoraproject.org/updates/dogtag-pki-theme-10.2.1-1.fc21>* o *pki-core-10.2.1-1.fc21 <https://admin.fedoraproject.org/updates/pki-core-10.2.1-1.fc21>* o *pki-console-10.2.1-1.fc21 <https://admin.fedoraproject.org/updates/pki-console-10.2.1-1.fc21>* o *dogtag-pki-10.2.1-1.fc21 <https://admin.fedoraproject.org/updates/dogtag-pki-10.2.1-1.fc21> * Enjoy, -- Matt

10 years, 3 months

1
0
0 / 0

[PATCH] 557 Fixed CMake issues on F22.

by Endi Sukma Dewata

Some CMake scripts have been updated to work on both F21 and F22. https://fedorahosted.org/pki/ticket/1281 -- Endi S. Dewata

10 years, 3 months

1
1
0 / 0

[PATCH] 556 Fixed systemd errors/warnings after upgrade.

by Endi Sukma Dewata

The spec file has been modified to reload systemd daemon after upgrade to avoid errors/warnings when executing systemd commands. https://fedorahosted.org/pki/ticket/1255 -- Endi S. Dewata

10 years, 3 months

2
2
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Pki-devel March 2015