October 2016 - Pki-devel - Dogtag Pki List Archives

[PATCH] 848 Troubleshooting improvement for ConfigurationUtils.handleCerts().

by Endi Sukma Dewata

To help troubleshooting, the ConfigurationUtils.handleCerts() has been modified to throw the exception instead of returning an integer. https://fedorahosted.org/pki/ticket/2463 Pushed to master under trivial/one-liner rule. -- Endi S. Dewata

7 years, 5 months

1
0
0 / 0

tomcat-8.0.37-3.fc24.noarch package from updates testing breaks CA instance spawn

by Martin Babinsky

An update for Apache Tmocat recently pushed into bodhi[1] seems to break CA instance spawning in a spectacular way.[2] It seems that the update once again breaks the loading of Java classes during Dogtag server initialization. I gave the package negative karma and I suggest for you to do the same until the issue is resolved. As a workaround you can either disable updates-testing or use: """ dnf downgrade --allowerasing tomcat """ to downgrade tomcat and dependencies to version 8.0.36-2.fc24 which works. [1] https://bodhi.fedoraproject.org/updates/FEDORA-2016-c1b01b9278 [2] https://paste.fedoraproject.org/460589/77394029 -- Martin^3 Babinsky

7 years, 6 months

2
1
0 / 0

simple TPS debug messages added

by Christina Fu

qualifies for "simple checkin that does not affect code". commit 443dcb1914f010ce8fc7c737dd8163e05a3d71db Author: Christina Fu <cfu(a)dhcp-16-189.sjc.redhat.com> Date: Mon Oct 24 09:59:42 2016 -0700 a few simple debugging messages in TPS that will make debugging easier. Christina

7 years, 6 months

1
0
0 / 0

[PATCH] 847 Fixed typo in UserPwdDirAuthentication.

by Endi Sukma Dewata

https://fedorahosted.org/pki/ticket/2460 Pushed to master & 10.3 branch under trivial/one-liner rule. -- Endi S. Dewata

7 years, 6 months

1
0
0 / 0

[pki-devel][PATCH] 0084-TPS-token-enrollment-fails-to-setupSecureChannel-whe.patch

by John Magne

TPS token enrollment fails to setupSecureChannel when TPS and TKS security db is on fips mode. Ticket #2513. Simple fix allows the TPS and TKS the ability to obtain the proper internal token, even in FiPS mode.

7 years, 6 months

2
1
0 / 0

[PATCH] 486 Fixed TPS UI for agent approval.

by Endi Sukma Dewata

The TPS UI has been updated to support TPS agent approval process for changes in authenticators, connectors, and profile mappings in addition to profiles. The ConfigEntryPage has been updated to display the action links consistently in the above components for all possible role and status combinations. The ProfilePage has been removed since the code has been merged into its super class. https://fedorahosted.org/pki/ticket/2523 -- Endi S. Dewata

7 years, 6 months

2
2
0 / 0

[PATCH] 485 Fixed TPS UI system menu.

by Endi Sukma Dewata

The TPS UI has been modified to adjust the system menu based on the list of accessible components obtained during login. The TPSApplication has been modified to use TPSAccountService which returns the list of accessible components based on the following properties in the CS.cfg: * admin: target.configure.list * agent: target.agent_approve.list The AccountInfo has been changed to extend the ResourceMessage such that it can be used to pass the list of accessible components as an attribute. https://fedorahosted.org/pki/ticket/2523 -- Endi S. Dewata

7 years, 6 months

2
2
0 / 0

[pki-devel][PATCH] 0083-PIN_RESET-policy-is-not-giving-expected-results-when.patch

by John Magne

PIN_RESET policy is not giving expected results when set on a token. Simple fix to actually honor the PIN_RESET=<YES>or<NO> policy for a given token. Minor logging improvements added as well for this error condition. Ticket #2510.

7 years, 6 months

2
1
0 / 0

Karma Requests for pki-core-10.3.5-7 and pki-console-10.3.5-2

by Matthew Harmsen

*The following updated candidate builds of pki-core 10.3.5 and pki-console 10.3.5 were generated:* * *Fedora 24* o *pki-core-10.3.5-7.fc24 <http://koji.fedoraproject.org/koji/buildinfo?buildID=808527>* o *pki-console-10.3.5-2.fc24 <http://koji.fedoraproject.org/koji/buildinfo?buildID=808789> * * *Fedora 25* o *pki-core-10.3.5-7.fc25 <http://koji.fedoraproject.org/koji/buildinfo?buildID=808568>* o *pki-console-10.3.5-2.fc25 <http://koji.fedoraproject.org/koji/buildinfo?buildID=808800> * * *Fedora 26* o *pki-core-10.3.5-7.fc26 (still working on build issues encountered on rawhide)* o *pki-console-10.3.5-2.fc26 <http://koji.fedoraproject.org/koji/buildinfo?buildID=808812>* *Additionally, the CentOS 7 COPR EPEL Builds of Dogtag 10.3.3 were also updated:* * *https://copr.fedorainfracloud.org/coprs/g/pki/epel-7.3/repo/epel-7/group_pki-epel-7.3-epel-7.repo* <https://copr.fedorainfracloud.org/coprs/g/pki/10.3.3/repo/epel-7/group_pk...> [group_pki-epel-7.3] name=Copr repo for epel-7.3 owned by @pki baseurl=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.3/epe... type=rpm-md skip_if_unavailable=True gpgcheck=1 gpgkey=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.3/pubk... repo_gpgcheck=0 enabled=1 enabled_metadata=1 *These builds address the following PKI tickets:* * PKI TRAC Ticket #1527 - TPS Enrollment always goes to "ca1" (cfu) <https://fedorahosted.org/pki/ticket/1527> * PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne) <https://fedorahosted.org/pki/ticket/1664> * PKI TRAC Ticket #2463 - Troubleshooting improvements (edewata) <https://fedorahosted.org/pki/ticket/2463> o potentially more to come in future releases * PKI TRAC Ticket #2466 - two-step externally-signed CA installation fails due to missing AuthorityID (ftweedal) <https://fedorahosted.org/pki/ticket/2466> * PKI TRAC Ticket #2475 - Multiple host authority entries created (ftweedal) <https://fedorahosted.org/pki/ticket/2475> * PKI TRAC Ticket #2476 - Dogtag Miscellaneous Minor Changes (edewata) <https://fedorahosted.org/pki/ticket/2476> o potentially more to come in future releases * PKI TRAC Ticket #2478 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen) <https://fedorahosted.org/pki/ticket/2478> * PKI TRAC Ticket #2483 - Unable to read an encrypted email using renewed tokens (jmagne) <https://fedorahosted.org/pki/ticket/2483> * PKI TRAC Ticket #2496 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches (cfu) <https://fedorahosted.org/pki/ticket/2496> * PKI TRAC Ticket #2497 - KRA installation failed against externally-signed CA with partial certificate chain (edewata) <https://fedorahosted.org/pki/ticket/2497> * PKI TRAC Ticket #2505 - Fix packaging duplicates of classes in multiple jar files (edewata) <https://fedorahosted.org/pki/ticket/2505> *Please provide Karma for the following builds:* * *Fedora 24* o *https://bodhi.fedoraproject.org/updates/FEDORA-2016-76fae7b25f pki-core-10.3.5-7.fc24 <https://bodhi.fedoraproject.org/updates/FEDORA-2016-76fae7b25f>* o *https://bodhi.fedoraproject.org/updates/FEDORA-2016-a9e6c42783 pki-console-10.3.5-2.fc24 <https://bodhi.fedoraproject.org/updates/FEDORA-2016-a9e6c42783>* * *Fedora 25* o *https://bodhi.fedoraproject.org/updates/FEDORA-2016-3496056579 pki-core-10.3.5-7.fc25* o *https://bodhi.fedoraproject.org/updates/FEDORA-2016-70b3b8b697 pki-console-10.3.5-2.fc25 <https://bodhi.fedoraproject.org/updates/FEDORA-2016-70b3b8b697> *

7 years, 6 months

1
1
0 / 0

[pki-devel][PATCH] 0082-Cert-Key-recovery-is-successful-when-the-cert-serial.patch

by John Magne

Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches Fixes this bug #1381375. The portion this patch fixes involves URL encoding glitch we encountered when recovering keys using the "by cert" method. Also this bug addresses: Bug 1379379 - Unable to read an encrypted email using renewed tokens The URL encoding problem was affecting the proper verification of this bug. and Bug 1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued The URI encoding was also making this bug appear to fail more than it should have. There is also a minor fix to the feature that makes sure it works. This small fix is in TPSEngine.java where the constant for GenerateNewAndRecoverLast scheme is declared.

7 years, 6 months

2
2
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Pki-devel October 2016