July 2016 - Pki-devel - Dogtag Pki List Archives

[PATCH]pki-cfu-0149-Ticket-2246-MAN-Man-Page-AuditVerify.patch

by Christina Fu

man page for AuditVerify https://fedorahosted.org/pki/ticket/2246 thanks, Christina

7 years, 9 months

2
2
0 / 0

[PATCH] 791 Fixed cert usage list in pki client-cert-validate.

by Endi Sukma Dewata

The pki client-cert-validate has been modified to add the missing EmailRecipient and to list the supported cert usages. https://fedorahosted.org/pki/ticket/2376 https://fedorahosted.org/pki/ticket/2399 Pushed to master under one-liner/trivial rule. -- Endi S. Dewata

7 years, 9 months

1
0
0 / 0

[pki-devel][PATCH] 0076-MAN-Apply-generateCRMFRequest-removed-from-Firefox-w.patch

by John Magne

[MAN] Apply 'generateCRMFRequest() removed from Firefox' workarounds to appropriate 'pki' man page Ticket #1285 This fix will involve the following changes to the source tree. 1. Fixes to the CS.cfg to add two new cert profiles. 2. Make the caDualCert.cfg profile invisible since it has little chance of working any more in Firefox. 3. Create caSigningUserCert.cfg and caSigningECUserCert.cfg to allow the CLI to have convenient profiles from which to enroll signing ONLY certificates. To go along with this I have filed a downstream release note bug that shows exactly how to deploy the new profile to separately create one signing cert and one encryption cert (with archival), which allows one to accomplish what the formater caDualCert profile used to do when Firefox supported it.

7 years, 9 months

1
1
0 / 0

[PATCH] 790 Fixed certificate validation error message.

by Endi Sukma Dewata

The pkihelper.py has been modified to display the correct external command name on system certificate validation error. https://fedorahosted.org/pki/ticket/2399 Pushed to master under one-liner/trivial rule. -- Endi S. Dewata

7 years, 9 months

1
0
0 / 0

[PATCH] Added fix for pki-server for db-update

by Geetika Kapoor

Hi, Please review this patch.Below is a small summary about this fix and what we are trying to achieve. CLI : pki-server db-upgrade what it should be doing is if it sees that issuerName doesn't exist,NULL it will add it itself. Operation 1 : Search for the empty cn value for issuerName ------------------------------------------------------------------------------- Current : '(&(objectclass=certificateRecord)(issuerName=*)) -- I tried this it didn't show data even if i have record with empty issuerName Modified : (&(objectclass=certificateRecord)(!(issuerName=cn*)))' -- This solves the purpose as it shows all the certs without issuerName Operation 2 : If we see a empty cn value , we are replacing it with value we get from code ------------------------------------------------------------------------------------------------------------------ < code> cert = nss.Certificate(bytearray(attr_cert[0])) issuer_name = str(cert.issuer) </code> Current : we are updating the list it the format as mentioned 'issuerName': ['', 'CN=CA Signing Certificate,O=example.com Security Domain'] Do we want to keep this behavior or we want to overwrite it in first place? I believe in place of we do it MOD_REPLACE. <try: conn.ldap.modify_s(dn, [(ldap.MOD_ADD, 'issuerName', issuer_name)]) > Modified : onn.ldap.modify_s(dn, [(ldap.MOD_REPLACE, 'issuerName', issuer_name)]) Thanks Geetika

7 years, 9 months

3
10
0 / 0

[PATCH] pki-cfu-0148-Ticket-2389-fix-for-regular-CA-installation.patch

by Christina Fu

This patch addresses the issue that with the previous patch, the regular (non-external and non-existing) CA installation fails. https://fedorahosted.org/pki/ticket/2389 thanks, Christina

7 years, 9 months

1
1
0 / 0

Re: [Pki-devel] [Freeipa-devel] Proposed patch to resolve #828866 [RFE] enhance --subject option for ipa-server-install

by Fraser Tweedale

On Fri, Jul 08, 2016 at 01:18:23PM +0200, Petr Spacek wrote: > On 8.7.2016 05:42, Fraser Tweedale wrote: > > > > 2. If argument contains CN but it is not the "most specific" > > RDN, move it to the front (to satisfy requirement of Dogtag > > profile). > > I wonder if we can relax the requirement in Dogtag so no reordering is needed. > After all, DN is just a name, isn't it? Why Dogtag requires particular field > in DN? > Cc pki-devel@. The subject name constraint in the caCAcert profile is: policyset.caCertSet.1.constraint.params.pattern=CN=.* What do you think? Can we relax or remove this constraint - or if not, why is it required? Thanks, Fraser

7 years, 9 months

1
0
0 / 0

[PATCH] pki-cfu-0146-Ticket-978-PS-connector-man-page-add-revocation-rout.patch

by Christina Fu

Attached please find the patch that addresses: https://fedorahosted.org/pki/ticket/978 TPS connector man page: add revocation routing info thanks, Christina

7 years, 9 months

2
2
0 / 0

[PATCH 0010] Added instance and subsystem validation for pki-server subsystem-* commands.

by Abhijeet Kasurde

Hi All, Please review the patch. Partially fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295 -- Thanks, Abhijeet Kasurde IRC: akasurde http://akasurde.github.io

7 years, 9 months

3
3
0 / 0

[PATCH] 789 Fixed pki pkcs12-import output.

by Endi Sukma Dewata

The pki pkcs12-import has been modified to suppress the output of external command execution and display a completion message more consistently. https://fedorahosted.org/pki/ticket/2399 Pushed to master under one-liner/trivial rule. -- Endi S. Dewata

7 years, 9 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Pki-devel July 2016