July 2015 - Pki-devel - Dogtag Pki List Archives

[pki-devel][PATCH]

by John Magne

Omit OCSP from clone description. Ticket #1358. Also note that OCSP cloning is unsupported as of now.

8 years, 9 months

1
0
0 / 0

[PATCH] 009 Implement server cert validation in PKIConnection

by Christian Heimes

Hi, the patch adds the *possibility* to verify the server cert. For verification it needs the trust anchor (aka root CA cert) as PEM file. I haven't found a simple way to acquire the certificate automatically, though. Christian

8 years, 9 months

1
0
0 / 0

[PATCH] Note on overriding pki_client_dir when using an HSM

by Matthew Harmsen

Please review the following man page patch: * PKI Ticket #1425 - pkispawn CA with HSM - if the config file has pki_client related params the dir is not created and the admin cert p12 file is stored nowhere <https://fedorahosted.org/pki/ticket/1425> An ACK of this man page note will not close this ticket, it will merely provide a note to the users regarding this issue until the time that the actual problem can be fixed.

8 years, 9 months

2
1
0 / 0

[PATCH] pki-cfu-0080-Ticket-1447-pkispawn-findCertByNickname-fails-to-fin.patch

by Christina Fu

This patch addressed the following ticket: https://fedorahosted.org/pki/ticket/1447 pkispawn: findCertByNickname fails to find cert in creating shared tomcat subsystems on HSM A more conservative approach is taken in this patch so that in the case the token is specified, just prepend token name to the nickname before calling findCertByNickname. Please review. thanks, Christina

8 years, 9 months

1
1
0 / 0

[PATCH] 625 Fixed fail-over in HttpConnection.

by Endi Sukma Dewata

The HttpConnection class has been modified to support fail-over and timeout more consistently. The targets are parsed into a list during initialization. All direct calls to HttpClient.connect() are replaced with a method that will connect to the first available target. All connections are now created with a timeout (which by default is 0). The timeout is handled internally by JSS instead of by explicitly abandoning asynchronous connection thread. https://fedorahosted.org/pki/ticket/891 -- Endi S. Dewata

8 years, 10 months

1
1
0 / 0

[PATCH] 626 Fixed NPE in key-archive CLI.

by Endi Sukma Dewata

The pki CLI has been modified such that if the security database location (-d) is not specified, the config.certDatabase will be initialized with the default value (i.e. ~/.dogtag/nssdb). The config.certDatabase is needed by the CLI to prepare the client library for key archival operations. -- Endi S. Dewata

8 years, 10 months

1
1
0 / 0

[PATCH] 624 Fixed pki help CLI.

by Endi Sukma Dewata

A new findModules() method has been added to the CLI class to find the list of modules handling a command. The list will be used by the pki help CLI to find the proper man page for the specified command. -- Endi S. Dewata

8 years, 10 months

1
1
0 / 0

[pki-devel][PATCH] 0038-Unable-to-select-ECC-Curves-from-EE-fix.patch

by John Magne

Ticket #1446: Without the crypto object, the user is now presented with a very bared bones keygen tag powered UI. One can only select a key strength and only use RSA. This fix adds simple UI to make better use of the keygen tag: 1. Allows the use of ECC. 2. Gives simple info on how the key strengths map to RSA key size and ECC curves. When the user selects High, they get RSA 2043, and ECC nistp384. When the user selects Medium, they get RSA 1024, and ECC nistp256. Tested work with the server to issue both RSA and ECC certs of the 4 strengths mentioned above.

8 years, 10 months

2
2
0 / 0

[PATCH] Lack of Interactive Installation Support (Cloning, Subordinates, Externals, HSMs, ECC)

by Matthew Harmsen

Please review the following patch for: * PKI TRAC Ticket #1441 - Lack of Interactive Installation Support (Cloning, Subordinates, Externals, HSMs, ECC) <https://fedorahosted.org/pki/ticket/1441> Thanks, -- Matt

8 years, 10 months

1
0
0 / 0

[pki-devel][PATCH] 0037-Fix-Pin-Reset-tokenType-resolution.patch

by John Magne

Ticket #1423 Pin reset operation using tpsclient fails. Recently we had added a new way to resolve the profile. That new method was not used in the PinReset Processor. This fix addresses that and allows the Pin Reset operation to complete. Tested with real token to work.

8 years, 10 months

2
2
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Pki-devel July 2015