June 2017 - Pki-devel - Dogtag Pki List Archives

[pki-devel][PATCH] 0098-SCP03-support-fix-Key-Changeover-with-HSM-RHCS.patch

by John Magne

[PATCH] SCP03 support: fix Key Changeover with HSM (RHCS) Ticket #2764. This relatively simple fix involves making sure the correct crypto token is being used to search for the master key int the case of symmetric key changover where the master key resides on an HSM.

6 years, 10 months

2
1
0 / 0

[PATCH] Ticket-2616-CMC-replace-id-cmc-statusInfo-with-id-cm.patch

by Christina Fu

This patch addresses: https://pagure.io/dogtagpki/issue/2616 CMC: replace id-cmc-statusInfo with id-cmc-statusInfoV2 See patch comment for detail. thanks, Christina

6 years, 10 months

2
2
0 / 0

[PATCH] Ticket-2618-UniqueKeyConstraint-fix-on-subjectDN-com.patch

by Christina Fu

I had to reopen https://pagure.io/dogtagpki/issue/2618 Allow CA to process pre-signed CMC renewal non-signing cert requests due to an issue in UniqueKeyConstraint.java where subjectDN comparison was not 100% correct. This patch makes sure that the comparison is done at Object level so eliminates room for error. thanks, Christina

6 years, 10 months

1
0
0 / 0

[PATCH] Ticket-2737-CMC-check-HTTPS-client-authentication-ce.patch

by Christina Fu

This patch addresses: https://pagure.io/dogtagpki/issue/2737 CMC: check HTTPS client authentication cert against CMC signer Please review, Thanks

6 years, 10 months

2
1
0 / 0

[PATCH] Ticket-2619-Allow-CA-to-process-user-signed-CMC-revo.patch

by Christina Fu

This patch is the implementation for ticket https://pagure.io/dogtagpki/issue/2619 Allow CA to process pre-signed CMC revocation non-signing cert requests Patch description in patch comment area. please review. thanks, Christina

6 years, 10 months

2
2
0 / 0

Updated Dogtag packages for Fedora 27, 26, and 25 . . .

by Matthew Harmsen

Everyone, The following Dogtag packages have been updated on Fedora 27 (rawhide): * tomcatjss-7.2.3-1.fc27 <https://koji.fedoraproject.org/koji/buildinfo?buildID=903568> * dogtag-pki-10.4.7-1.fc27 <https://koji.fedoraproject.org/koji/buildinfo?buildID=905507> * dogtag-pki-theme-10.4.7-1.fc27 <https://koji.fedoraproject.org/koji/buildinfo?buildID=905506> * pki-core-10.4.7-1.fc27 <https://koji.fedoraproject.org/koji/buildinfo?buildID=905491> * pki-console-10.4.7-1.fc27 <https://koji.fedoraproject.org/koji/buildinfo?buildID=905508> Additionally, these builds were used to generate their Fedora 25 and Fedora 26 equivalents as stored in the following COPR repos (https://copr.fedorainfracloud.org/coprs/g/pki/10.4/): * Fedora 25 and 26 (e. g. - /etc/yum.repos.d/pki-fedora.repo): [group_pki-10.4] name=Copr repo for 10.4 owned by @pki baseurl=https://copr-be.cloud.fedoraproject.org/results/@pki/10.4/fedora-... type=rpm-md skip_if_unavailable=True gpgcheck=1 gpgkey=https://copr-be.cloud.fedoraproject.org/results/@pki/10.4/pubkey.gpg repo_gpgcheck=0 enabled=1 enabled_metadata=1 Thanks, -- Matt

6 years, 10 months

1
0
0 / 0

[PATCH] Ticket-2617-part2-add-revocation-check-to-signing-ce.patch

by Christina Fu

This patch adds the missing revocation check (and possibly validity check) to https://pagure.io/dogtagpki/issue/2617 Allow CA to process pre-signed CMC non-signing certificate requests The code that CMCUserSignedAuth originated from, CMCAuth, has a confusing comment where it states: // verify signer's certificate using the revocator right above the CryptoManager.isCertValid() call. Which mislead me into believing that the call checks for revocation status. During work for CMC revocation (upcoming patch), I found out that is not entirely the case. The call does not check for revocation status when I used a revoked cert to sign the cmc request. I am adding revocation and validity checks to make sure that the check is more complete. thanks, Christina

6 years, 10 months

1
1
0 / 0

[pki-devel][PATCH] 0095-Resolve-1663-Add-SCP03-support.patch

by John Magne

Ticket: Resolve #1663 Add SCP03 support . This particular fix resolves a simple issue when formatting a token in FIPS mode for SCP03.

6 years, 10 months

2
2
0 / 0

[PATCH] Fixed pylint errors (re-sent)

by Matthew Harmsen

The attached patch was altered to change "args" ==> "argv" rather than "argv" ==> "args" since it was discovered that a number of the routines utilized "args" as a local variable that would have to be changed since if the "argv" input parameter were changed to "args". Consequently, this patch converts "args" ==> "argv". Please review the attached patch which addresses the following issues: * dogtagpki Pagure Issue #2713 - Build failure due to Pylint issues <https://pagure.io/dogtagpki/issue/2713> These changes were successfully compiled on a Fedora 27 machine with the following packages: * python2-2.7.13-10.fc27.x86_64 * python3-3.6.1-7.fc27.x86_64 * pylint-1.7.1-1.fc27.noarch Additionally, a CA instance was installed and configured, and the following smoke test was run: * sudo certutil -d /root/.dogtag/pki-tomcat/ca/alias -L * sudo pki -d /root/.dogtag/pki-tomcat/ca/alias -C /root/.dogtag/pki-tomcat/ca/password.conf -n "PKI Administrator for example.com" -p 8080 ca-user-add testuser --fullName "Test User" * sudo certutil -d /root/.dogtag/pki-tomcat/ca/alias -L * sudo pki -d /root/.dogtag/pki-tomcat/ca/alias -C /root/.dogtag/pki-tomcat/ca/password.conf -n "PKI Administrator for example.com" -p 8080 client-cert-request uid=testuser * sudo pki -d /root/.dogtag/pki-tomcat/ca/alias -C /root/.dogtag/pki-tomcat/ca/password.conf -n "PKI Administrator for example.com" -p 8080 ca-cert-request-review 7 --action approve * sudo pki -d /root/.dogtag/pki-tomcat/ca/alias -C /root/.dogtag/pki-tomcat/ca/password.conf -n "PKI Administrator for example.com" -p 8080 ca-user-cert-add testuser --serial 0x7 * sudo pki -d /root/.dogtag/pki-tomcat/ca/alias -C /root/.dogtag/pki-tomcat/ca/password.conf -n "PKI Administrator for example.com" -p 8080 client-cert-import testuser --serial 0x7 * sudo certutil -d /root/.dogtag/pki-tomcat/ca/alias -L

6 years, 10 months

3
2
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Pki-devel June 2017