[pki-devel][PATCH]
by John Magne
Omit OCSP from clone description.
Ticket #1358.
Also note that OCSP cloning is unsupported as of now.
9 years, 5 months
[PATCH] 009 Implement server cert validation in PKIConnection
by Christian Heimes
Hi,
the patch adds the *possibility* to verify the server cert. For
verification it needs the trust anchor (aka root CA cert) as PEM file. I
haven't found a simple way to acquire the certificate automatically, though.
Christian
9 years, 5 months
[PATCH] Note on overriding pki_client_dir when using an HSM
by Matthew Harmsen
Please review the following man page patch:
* PKI Ticket #1425 - pkispawn CA with HSM - if the config file has
pki_client related params the dir is not created and the admin cert
p12 file is stored nowhere <https://fedorahosted.org/pki/ticket/1425>
An ACK of this man page note will not close this ticket, it will merely
provide a note to the users regarding this issue until the time that the
actual problem can be fixed.
9 years, 5 months
[PATCH] 625 Fixed fail-over in HttpConnection.
by Endi Sukma Dewata
The HttpConnection class has been modified to support fail-over
and timeout more consistently. The targets are parsed into a list
during initialization. All direct calls to HttpClient.connect()
are replaced with a method that will connect to the first available
target. All connections are now created with a timeout (which by
default is 0). The timeout is handled internally by JSS instead of
by explicitly abandoning asynchronous connection thread.
https://fedorahosted.org/pki/ticket/891
--
Endi S. Dewata
9 years, 5 months
[PATCH] 626 Fixed NPE in key-archive CLI.
by Endi Sukma Dewata
The pki CLI has been modified such that if the security database
location (-d) is not specified, the config.certDatabase will be
initialized with the default value (i.e. ~/.dogtag/nssdb). The
config.certDatabase is needed by the CLI to prepare the client
library for key archival operations.
--
Endi S. Dewata
9 years, 5 months
[PATCH] 624 Fixed pki help CLI.
by Endi Sukma Dewata
A new findModules() method has been added to the CLI class to find
the list of modules handling a command. The list will be used by the
pki help CLI to find the proper man page for the specified command.
--
Endi S. Dewata
9 years, 5 months
[pki-devel][PATCH] 0038-Unable-to-select-ECC-Curves-from-EE-fix.patch
by John Magne
Ticket #1446:
Without the crypto object, the user is now presented with a very bared bones
keygen tag powered UI. One can only select a key strength and only use RSA.
This fix adds simple UI to make better use of the keygen tag:
1. Allows the use of ECC.
2. Gives simple info on how the key strengths map to RSA key size and
ECC curves.
When the user selects High, they get RSA 2043, and ECC nistp384.
When the user selects Medium, they get RSA 1024, and ECC nistp256.
Tested work with the server to issue both RSA and ECC certs of the 4 strengths mentioned above.
9 years, 5 months
[pki-devel][PATCH] 0037-Fix-Pin-Reset-tokenType-resolution.patch
by John Magne
Ticket #1423 Pin reset operation using tpsclient fails.
Recently we had added a new way to resolve the profile. That new method was
not used in the PinReset Processor. This fix addresses that and allows the Pin Reset operation to complete.
Tested with real token to work.
9 years, 5 months