August 2016 - Pki-devel - Dogtag Pki List Archives

[PATCH] 822-823 Added upgrade script to fix deployment descriptors.

by Endi Sukma Dewata

An upgrade script has been added to fix missing deployment descriptors or deployment descriptors that are pointing to non-existent or empty folders. The RPM spec has been modified to move the upgrade script into the correct folder for RHEL. https://fedorahosted.org/pki/ticket/2439 -- Endi S. Dewata

8 years, 6 months

2
2
0 / 0

Karma Requests for pki-core-10.3.5-3

by Matthew Harmsen

*The following updated candidate builds of pki-core 10.3.5 on Fedora 24, 25, and 26 (rawhide) consist of the following:* * *Fedora 24* o *pki-core-10.3.5-3.fc24 <http://koji.fedoraproject.org/koji/buildinfo?buildID=793746> * * *Fedora 25* o *pki-core-10.3.5-3.fc25 <http://koji.fedoraproject.org/koji/buildinfo?buildID=793748> * * *Fedora 26* o *pki-core-10.3.5-3.fc26 <http://koji.fedoraproject.org/koji/buildinfo?buildID=793749> * *Additionally, the CentOS 7 COPR EPEL Builds of Dogtag 10.3.3 were also updated: * * https://copr.fedorainfracloud.org/coprs/g/pki/10.3.3/repo/epel-7/group_pk... [group_pki-10.3.3] name=Copr repo for 10.3.3 owned by @pki baseurl=https://copr-be.cloud.fedoraproject.org/results/@pki/10.3.3/epel-... skip_if_unavailable=True gpgcheck=1 gpgkey=https://copr-be.cloud.fedoraproject.org/results/@pki/10.3.3/pubkey... enabled=1 enabled_metadata=1 *These builds address the following PKI tickets: * * PKI TRAC Ticket #690 - pki-tools man pages --- CMCEnroll <https://fedorahosted.org/pki/ticket/690> * PKI TRAC Ticket #833 - pki user-mod fullName="" gives an error message "PKIException: LDAP error (21): error result" <https://fedorahosted.org/pki/ticket/833> * PKI TRAC Ticket #2429 - [RFE] TPS UI: profile property needs to be added one by one can we add in bulk <https://fedorahosted.org/pki/ticket/2429> * PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade. <https://fedorahosted.org/pki/ticket/2431> * PKI TRAC Ticket #2432 - Kra-selftest behavior is not as expected <https://fedorahosted.org/pki/ticket/2432> * PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements <https://fedorahosted.org/pki/ticket/2436> o include JSS cert validation error message in selftest log o add debug messages to ConfigurationUtils.handleCerts() o apply RFC 7468 <http://tools.ietf.org/html/rfc7468> Headers/Trailers to PKI tools * PKI TRAC Ticket #2437 - TPS UI: while adding certs for users from TPSUI pem format with/without header works while pkcs7 with header is not allowed <https://fedorahosted.org/pki/ticket/2437> * PKI TRAC Ticket #2440 - Optional CA signing CSR for migration <https://fedorahosted.org/pki/ticket/2440> *Please provide Karma for the following builds: * * *Fedora 24* o *https://bodhi.fedoraproject.org/updates/FEDORA-2016-4d226a5f7e pki-core-10.3.5-1.fc24 + resteasy-3.0.17-3.fc24 <https://bodhi.fedoraproject.org/updates/FEDORA-2016-4d226a5f7e>* + *IMPORTANT: This combination build MUST be pushed first since pki-core-10.3.5-3.fc24 DEPENDS upon resteasy-3.0.17!!! * o *https://bodhi.fedoraproject.org/updates/pki-core-10.3.5-3.fc24 pki-core-10.3.5-3.fc24 <https://bodhi.fedoraproject.org/updates/pki-core-10.3.5-3.fc24> * * *Fedora 25* o *https://bodhi.fedoraproject.org/updates/FEDORA-2016-456eb9f4b7 pki-core-10.3.5-3.fc25 <https://bodhi.fedoraproject.org/updates/FEDORA-2016-456eb9f4b7>* * *

8 years, 6 months

1
0
0 / 0

[PATCH] 821 Updated pki-server subsystem-cert-update CLI.

by Endi Sukma Dewata

The pki-server subsystem-cert-update CLI has been updated to use certutil to retrieve the certificate data from the proper token. It will also show a warning if the certificate request cannot be found. The NSSDatabase constructor has been modified to normalize the name of internal NSS token to None. If the token name is None, the certutil will be executed without the -h option. The NSSDatabase.get_cert() has been modified to prepend the token name to the certificate nickname. https://fedorahosted.org/pki/ticket/2440 -- Endi S. Dewata

8 years, 6 months

1
1
0 / 0

[PATCH] 820 Allowing optional CA signing CSR.

by Endi Sukma Dewata

The CA signing CSR is already stored in request record which will be imported as part of migration process, so it's not necessary to export and reimport the CSR file again for migration. To allow optional CSR, the pki-server subsystem-cert-validate CLI has been modified to no longer check the CSR in CS.cfg. The ConfigurationUtils.loadCertRequest() has been modified to ignore the missing CSR in CS.cfg. https://fedorahosted.org/pki/ticket/2440 -- Endi S. Dewata

8 years, 6 months

1
1
0 / 0

[pki-devel][PATCH] 0080-Authentication-Instance-Id-PinDirEnrollment-with-aut.patch

by John Magne

[PATCH] Authentication Instance Id PinDirEnrollment with authType value as SslclientAuth is not working. Ticket #1578 The fixing of this problem required the following: 1. Hook up a java callback that is designed to allow the selection of a candidate client auth cert to be sent to Ldap in the LdapSSLSocket factory object. Previously we simply manually set the desired client auth cert nickname, which is provided by the console interface when cofiguring the "removePin" portion of the UidPinDir Authentication method. Doing it this way has the benefit of giving us some logging to show when the actual client auth cert is being requested by the server. We get to see the list of candidate certs and when we match one of those with the requested cert name, established by the console. This client auth problem applies ONLY to the connection pool that is used to remove the pin attribute from an external authentication directory. 2. Previously the code, when setting up client auth for "removePin", would make one single call to create the SSL socket to connect to ldap over client auth. Now, based on some code I saw in the JSS test suite, the socket is constructed in two steps. Doing this causes things to work. Further investigation down the line could figure out what is going on at the lower level. 3. Was able to test this to work with the reported problem directory server provided by QE. Note: for pin removal to work, we must also make sure that the user we authenticating to (through client auth) has the power to actually remove the pin attribute from various users.

8 years, 6 months

1
1
0 / 0

[PATCH] CMCEnroll man page + (proposed) HEADER/FOOTER changes

by Matthew Harmsen

Please review the following patches which add a CMCEnroll man page AND proposes code changes to the command line tools to allow them to used the preferred RFC 7468 HEADERS and TRAILERS (see https://www.rfc-editor.org/rfc/rfc7468.txt): * PKI TRAC Ticket #690 - [MAN] pki-tools man pages <https://fedorahosted.org/pki/ticket/690> * PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements <https://fedorahosted.org/pki/ticket/2436> The first patch contains all of the code changes, and the second patch simply contains the associated spec file change.

8 years, 6 months

2
1
0 / 0

Jack PTO Starting Monday Aug 22

by John Magne

Returning Day after labor day. Will be easily reachable if needed by mobile the whole time.

8 years, 7 months

1
0
0 / 0

[PATCH] 819 Added debug messages for ConfigurationUtils.handleCerts().

by Endi Sukma Dewata

To help troubleshooting some debug messages have been added into ConfigurationUtils.handleCerts(). https://fedorahosted.org/pki/ticket/2436 Pushed to master (10.4) under one-liner/trivial rule. -- Endi S. Dewata

8 years, 7 months

1
0
0 / 0

[PATCH] 818 Fixed SelfTestService.findSelfTests().

by Endi Sukma Dewata

The SelfTestService.findSelfTests() has been modified to return all selftests defined in the CS.cfg. https://fedorahosted.org/pki/ticket/2432 Pushed to master (10.4) under one-liner/trivial rule. -- Endi S. Dewata

8 years, 7 months

1
0
0 / 0

[PATCH] 817 Removed misleading log in SelfTestSubsystem.

by Endi Sukma Dewata

To avoid confusion, the isSelfTestCriticalAtStartup() and isSelfTestCriticalOnDemand() in SelfTestSubsystem have been modified to no longer log an error message if the selftest being checked does not exist in the corresponding property in CS.cfg. https://fedorahosted.org/pki/ticket/2432 Pushed to master (10.4) under one-liner/trivial rule. -- Endi S. Dewata

8 years, 7 months

1
0
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Pki-devel August 2016