July 2015 - Pki-devel - Dogtag Pki List Archives

[PATCH] 266 - Remove noise file generation code

by Ade Lee

Remove noise file generation code Noise file does not actually need to have random data because NSS does not actually use this data. Certutil still needs the file though, so we will put dummy data in there. This solves potential problems with the random() method used and also issues like BZ 1244382 Please review. Ade

8 years, 9 months

2
1
0 / 0

[PATCH] 265 - fix code to add replicationdb password

by Ade Lee

The replicationdb password is an instance parameter and should be created by the first subsystem in the instance. This should happen independently of whether replication is being set up in case it is needed to set up replication (as a master) later. As IPA figured out when trying out setupReplication=False, failure to set the replication password in the first subsystem ends up breaking instance restart because of password checks on startup. Please review, Ade

8 years, 9 months

1
1
0 / 0

[PATCH] Please depend on policycoreutils-python-utils

by Matthew Harmsen

Please review these simple patches (10.2.6 and 10.2.7) modified from Tomas Radej's original for this bug: * Bugzilla Bug #1246620 - [PATCH] Please depend on policycoreutils-python-utils <https://bugzilla.redhat.com/show_bug.cgi?id=1246620> Once ACKS are received, I will spin a f23 and f24 rawhide builds of pki-core-10.2.6-3. Thanks, -- Matt

8 years, 9 months

1
0
0 / 0

[PATCH] Added JSSSupport.getProtocol().

by Endi Sukma Dewata

A dummy getProtocol() has been added to JSSSupport in order to build with newer Tomcat. https://bugzilla.redhat.com/show_bug.cgi?id=1245786 -- Endi S. Dewata

8 years, 9 months

3
3
0 / 0

Karma Request for Dogtag 10.2.6 in Fedora 22

by Matthew Harmsen

Everyone, Please provide Karma for the following Dogtag 10.2.6 packages for Fedora 22: * dogtag-pki-theme-10.2.6-1.fc22 <https://admin.fedoraproject.org/updates/dogtag-pki-theme-10.2.6-1.fc22> * pki-core-10.2.6-1.fc22 <https://admin.fedoraproject.org/updates/pki-core-10.2.6-1.fc22> * pki-console-10.2.6-1.fc22 <https://admin.fedoraproject.org/updates/pki-console-10.2.6-1.fc22> * dogtag-pki-10.2.6-1.fc22 <https://admin.fedoraproject.org/updates/dogtag-pki-10.2.6-1.fc22> Thanks, -- Matt

8 years, 9 months

1
1
0 / 0

[PATCH] 008 Wrap CertData.pkcs7_cert_chain in BEGIN/END CERTIFICATE

by Christian Heimes

Hello, the patch fixes #1374. It feels wrong to fix the bug in Python space. I have addressed my concerns in https://fedorahosted.org/pki/ticket/1374#comment:8 According to https://www.openssl.org/docs/apps/pkcs7.html a PEM PKCS7 message can be wrapped in either BEGIN PKCS7/END PKCS7 or in BEGIN CERTIFICATE/END CERTIFICATE. Barbican uses BEGIN CERTIFICATE in the file https://github.com/openstack/barbican/blob/master/barbican/plugin/dogtag.py. Let's do that, too. A fix for pki.cert.CertData is trivial. However I'm not sure if that is the best place to add the wrapping header and footer. It may be a better idea to fix it once and for all at the root in org.dogtagpki.server.ca.rest.CertService.getCertChainData().

8 years, 9 months

2
2
0 / 0

[PATCH] 637 Fixed ObjectNotFoundException in PKCS12Export.

by Endi Sukma Dewata

The PKCS12Export has been fixed to handle ObjectNotFoundException when exporting certificates without private keys. https://fedorahosted.org/pki/ticket/1506 -- Endi S. Dewata

8 years, 9 months

1
1
0 / 0

[PATCH] 264 -- add replication options to pkispawn

by Ade Lee

This patch will be for Dogtag 10.2.7, and is still in preliminary testing. I'm posting mostly so that folks can take a look at whats coming and see whether it meets what is needed for IPA et. al. The is for ticket 1414. Ade

8 years, 9 months

2
1
0 / 0

[PATCH] 634 Updated man pages with TPS info.

by Endi Sukma Dewata

The man pages for pkispawn and pki_default.cfg have been updated to include TPS deployment parameters. https://fedorahosted.org/pki/ticket/1277 -- Endi S. Dewata

8 years, 9 months

3
4
0 / 0

[PATCH] 633 Updated man page for configuring secure LDAP connection.

by Endi Sukma Dewata

The instruction to setup secure LDAP connection in the pkispawn man page has been updated. The sample deployment configuration file has been made more generic. The setup-ds.pl has been removed from the instruction since generating a self-signed certificate requires a DS admin server. The URL to download setupssl2.sh has been changed with a more direct link. The sample LDAP password has been changed to match the current deployment configuration examples. Some paragraphs have been line wrapped to simplify man page development. -- Endi S. Dewata

8 years, 9 months

2
3
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Pki-devel July 2015