May 2016 - Pki-devel - Dogtag Pki List Archives

by Matthew Harmsen

The Dogtag team is proud to announce the release of Dogtag 10.3.1. Builds are available for Fedora 24. == Build Versions == * dogtag-pki-10.3.1-1 <http://koji.fedoraproject.org/koji/packageinfo?packageID=9999> * dogtag-pki-theme-10.3.1-1 <http://koji.fedoraproject.org/koji/packageinfo?packageID=11475> * pki-console-10.3.1-1 <http://koji.fedoraproject.org/koji/packageinfo?packageID=9863> * pki-core-10.3.1-1 <http://koji.fedoraproject.org/koji/packageinfo?packageID=11434> == Upgrade Notes == Simply use dnf to update existing packages.

7 years, 10 months

2
1
0 / 0

[PATCH] 0116 Fix LDAP schema violation when instance name contains '_'

by Fraser Tweedale

The attached patch fixes https://fedorahosted.org/pki/ticket/2343 Cheers, Fraser

7 years, 11 months

2
2
0 / 0

[PATCH] 756 Updated system certificate selftests.

by Endi Sukma Dewata

The CertUtils.verifySystemCertByNickname() has been modified to call CryptoManager.verifyCertificate() to validate the system certificates which will provide better information (i.e. NSS error message and stack trace) to troubleshoot validation issues. https://fedorahosted.org/pki/ticket/850 -- Endi S. Dewata

7 years, 11 months

2
2
0 / 0

[PATCH] 759 Fixed hard-coded database name for TPS VLV indexes.

by Endi Sukma Dewata

The vlv.ldif for TPS has been modified to remove the hard-coded database name and to use customizable parameter instead. The token and activity REST services have been modified to search the database using VLV. The existing database can be fixed using the following procedure: http://pki.fedoraproject.org/wiki/Database_Upgrade_for_PKI_10.3.x#Relocat... https://fedorahosted.org/pki/ticket/2342 -- Endi S. Dewata

7 years, 11 months

1
1
0 / 0

[PATCH] 758 Fixed error handling in ProxyRealm.

by Endi Sukma Dewata

The ProxyRealms for Tomcat 7 and 8 have been modified to return an error if the subsystem is not available instead of falling back to username/password authentication. https://fedorahosted.org/pki/ticket/2326 -- Endi S. Dewata

7 years, 11 months

1
1
0 / 0

[PATCH] 303-306 Various issues

by Ade Lee

Please review: Patches listed in reverse order (306 -> 303) Ade commit e3d47aabee97773832d2f8ac7ff138314b44f646 Author: Ade Lee <alee(a)redhat.com> Date: Thu May 19 11:56:26 2016 -0400 Add revocation information to pki CLI output. The date on which the certificate is revoked and the agent that revoked it is displayed now in cert-find and cert-show output. Ticket 1055 commit fb7707dbf7148387075fc21d803e2ecb12c66ab6 Author: Ade Lee <alee(a)redhat.com> Date: Thu May 19 10:49:59 2016 -0400 Allow cert-find using revocation reasons The REST API expects the integer revocation code to be passed in a certificate search. We have modified the client to allow the user to provide either a revocation code or a revocation reason as a search parameter. Ticket 1053 commit 443b3676302e7861180802784d8a1ebc43d07ea3 Author: Ade Lee <alee(a)redhat.com> Date: Thu May 19 00:08:20 2016 -0400 Add parameters to purge old published files Ticket 2254 commit 31342868aa4468fd7c2818727930932fd1e2d23e Author: Ade Lee <alee(a)redhat.com> Date: Wed May 18 15:33:36 2016 -0400 Add parameters to disable cert or crl publishing Right now, if publishing is enabled, both CRLs and Cert publishing is enabled. This causes a bunch of spurious error messages on IPA servers as cert publishing is not configured. As it is impossible to determine if cert publishing is not desired or simply misconfigured, we provide options to explicitly disable either cert or crl publishing. Specifically: * to enable/disable both cert and crl publishing: ca.publishing.enable = True/False This is the legacy behavior. * to enable CRL publishing only: ca.publishing.enable = True ca.publishing.cert_enable = False * to enable cert publishing only: ca.publishing.enable = True ca.publishing.crl_enable = False Ticket 2275

7 years, 11 months

2
3
0 / 0

[PATCH] pki-cfu-0123-Ticket-1665-Cert-Revocation-Reasons-not-being-update.patch

by Christina Fu

https://fedorahosted.org/pki/ticket/1665 Certificate Revocation Reasons not being updated in some cases Ticket 1665 - Cert Revocation Reasons not being updated when on-hold This patch fixes the following areas: * In the CA, when revokeCert is called, make it possible to move from on_hold to revoke. * In the servlet that handles TPS revoke (DoRevokeTPS), make sure it allows the on_hold cert to be put in the bucket to be revoked. * there are a few minor fixes such as typos and one have to do with the populate method in SubjectDNInput.java needs better handling of subject in case it's null. Note: This patch does not make attempt to allow agents to revoke certs that are on_hold from agent interface. The search filter needs to be modified to allow that. thanks, Christina

7 years, 11 months

2
2
0 / 0

[PATCH] 750 Fixed cert enrollment problem with empty rangeUnit in profile.

by Endi Sukma Dewata

Previously cert enrollment might fail after editing the profile using the console. This is because the console added an empty rangeUnit parameter, but the server rejected the empty value. The convertRangeUnit() methods in several classes have been modified to accept the empty value and convert it into the default value (i.e. day). https://fedorahosted.org/pki/ticket/2308 -- Endi S. Dewata

7 years, 11 months

1
1
0 / 0

[PATCH] 749 Fixed support for generic CSR extensions.

by Endi Sukma Dewata

The deployment tool has been modified to support adding Subordinate CA extension into the CSR for Microsoft CA, and also adding generic extensions to any system certificate. https://fedorahosted.org/pki/ticket/2312 -- Endi S. Dewata

7 years, 11 months

1
1
0 / 0

[PATCH] 753 Ignoring blank and comment lines in configuration files.

by Endi Sukma Dewata

The PKISubsystem.load() and PKIInstance.load() have been modified to ignore blank and comment lines in CS.cfg and password.conf. If the code fails to parse a line it will throw an exception showing the location of the invalid line. https://fedorahosted.org/pki/ticket/2314 A simpler version of this patch was tested by jmagne (thanks!). Pushed to master under trivial/one-liner rule. -- Endi S. Dewata

7 years, 11 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Pki-devel May 2016