[PATCH] 200 Added nonce validation for certificate revocation. - Pki-devel - Dogtag Pki List Archives

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

[PATCH] 200 Added nonce validation for certificate revocation.

[PATCH] 201 Added LDAP exception...

[PATCH] 111 - pkidestory does not...

Endi Sukma Dewata

Wednesday, 9 January 2013 Wed, 9 Jan '13

6:52 p.m.

The certificate REST service has been modified to validate nonce when revoking a certificate. Ticket #213 -- Endi S. Dewata

Attachments:

pki-edewata-0200-Added-nonce-validation-for-certificate-revocation.patch (text/x-patch — 24.7 KB)

Reply

Show replies by date

Endi Sukma Dewata

Monday, 14 January Mon, 14 Jan

8:52 p.m.

On 1/10/2013 7:52 AM, Endi Sukma Dewata wrote:

The certificate REST service has been modified to validate nonce when revoking a certificate. Ticket #213

I retested the patch, it works as expected with nonces enabled & disabled. In most cases you'll get a proper error message (e.g. You did not provide a valid certificate) if you don't provide the required client cert. The only thing is that if you do a cert-request-approve using username & password you'll get an internal error, but this is an existing problem and we don't support that scenario. -- Endi S. Dewata

Reply

Endi Sukma Dewata

10:23 p.m.

On 1/15/2013 9:52 AM, Endi Sukma Dewata wrote:

On 1/10/2013 7:52 AM, Endi Sukma Dewata wrote: > The certificate REST service has been modified to validate > nonce when revoking a certificate. > > Ticket #213 I retested the patch, it works as expected with nonces enabled & disabled. In most cases you'll get a proper error message (e.g. You did not provide a valid certificate) if you don't provide the required client cert. The only thing is that if you do a cert-request-approve using username & password you'll get an internal error, but this is an existing problem and we don't support that scenario.

New patch attached. It fixes the problem getting the cert anonymously. -- Endi S. Dewata

Reply

Endi Sukma Dewata

Tuesday, 15 January Tue, 15 Jan

9:38 a.m.

On 1/15/2013 11:23 AM, Endi Sukma Dewata wrote:

>> The certificate REST service has been modified to validate >> nonce when revoking a certificate. >> >> Ticket #213 > > I retested the patch, it works as expected with nonces enabled & > disabled. > > In most cases you'll get a proper error message (e.g. You did not > provide a valid certificate) if you don't provide the required client > cert. The only thing is that if you do a cert-request-approve using > username & password you'll get an internal error, but this is an > existing problem and we don't support that scenario. New patch attached. It fixes the problem getting the cert anonymously.

ACKed by Ade. Pushed to master. -- Endi S. Dewata

Reply

4359

days inactive

4364

days old

devel@lists.dogtagpki.org

Manage subscription

3 comments

1 participants

tags (0)

participants (1)

Endi Sukma Dewata