[PATCH] 303-306 Various issues
by Ade Lee
Please review:
Patches listed in reverse order (306 -> 303)
Ade
commit e3d47aabee97773832d2f8ac7ff138314b44f646
Author: Ade Lee <alee(a)redhat.com>
Date: Thu May 19 11:56:26 2016 -0400
Add revocation information to pki CLI output.
The date on which the certificate is revoked and the agent that
revoked it is displayed now in cert-find and cert-show output.
Ticket 1055
commit fb7707dbf7148387075fc21d803e2ecb12c66ab6
Author: Ade Lee <alee(a)redhat.com>
Date: Thu May 19 10:49:59 2016 -0400
Allow cert-find using revocation reasons
The REST API expects the integer revocation code to be passed
in a certificate search. We have modified the client to allow
the user to provide either a revocation code or a revocation
reason as a search parameter.
Ticket 1053
commit 443b3676302e7861180802784d8a1ebc43d07ea3
Author: Ade Lee <alee(a)redhat.com>
Date: Thu May 19 00:08:20 2016 -0400
Add parameters to purge old published files
Ticket 2254
commit 31342868aa4468fd7c2818727930932fd1e2d23e
Author: Ade Lee <alee(a)redhat.com>
Date: Wed May 18 15:33:36 2016 -0400
Add parameters to disable cert or crl publishing
Right now, if publishing is enabled, both CRLs and Cert publishing
is enabled. This causes a bunch of spurious error messages on
IPA servers as cert publishing is not configured.
As it is impossible to determine if cert publishing is not desired
or simply misconfigured, we provide options to explicitly disable
either cert or crl publishing.
Specifically:
* to enable/disable both cert and crl publishing:
ca.publishing.enable = True/False
This is the legacy behavior.
* to enable CRL publishing only:
ca.publishing.enable = True
ca.publishing.cert_enable = False
* to enable cert publishing only:
ca.publishing.enable = True
ca.publishing.crl_enable = False
Ticket 2275
7 years, 11 months
[PATCH] pki-cfu-0123-Ticket-1665-Cert-Revocation-Reasons-not-being-update.patch
by Christina Fu
https://fedorahosted.org/pki/ticket/1665 Certificate Revocation Reasons
not being updated in some cases
Ticket 1665 - Cert Revocation
Reasons not being updated when on-hold
This patch fixes the following areas:
* In the CA, when revokeCert is called, make it possible to move
from on_hold
to revoke.
* In the servlet that handles TPS revoke (DoRevokeTPS), make sure
it allows
the on_hold cert to be put in the bucket to be revoked.
* there are a few minor fixes such as typos and one have to do with the
populate method in SubjectDNInput.java needs better handling of
subject in
case it's null.
Note: This patch does not make attempt to allow agents to revoke
certs that
are on_hold from agent interface. The search filter needs to be
modified to
allow that.
thanks,
Christina
7 years, 11 months