freeipa.git - FreeIPA project

	Commit message (Collapse)	Author	Age	Files	Lines
*	enable proxy for dogtag	Adam Young	2011-08-29	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Dogtag is going to be proxied through httpd. To make this work, it has to support renegotiation of the SSL connection. This patch enables renegotiate in the nss configuration file during during apache configuration, as well as modifies libnss to set the appropriate optins on the ssl connection in order to renegotiate. The IPA install uses the internal ports instead of proxying through httpd since httpd is not set up yet. IPA needs to Request the certificate through a port that uses authentication. On the Dogtag side, they provide an additional mapping for this: /ca/eeca/ca as opposed tp /ca/ee/ca just for this purpose. https://fedorahosted.org/freeipa/ticket/1334 add flag to pkicreate in order to enable using proxy. add the proxy file in /etc/http/conf.d/ Signed-off-by: Simo Sorce <ssorce@redhat.com>
*	Set the client auth callback after creating the SSL connection.	Rob Crittenden	2011-07-01	1	-2/+2
\| \| \| \| \| \| \| \| \| \|	If we set the callback before calling connect() then if the connection tries a network family type and fails, it will try other family types. If this happens then the callback set on the first socket will be lost when a new socket is created. There is no way to query for the callback in an existing socket. https://fedorahosted.org/freeipa/ticket/1349
*	Change FreeIPA license to GPLv3+	Jakub Hrozek	2010-12-20	1	-5/+5
\| \| \| \| \| \| \| \| \| \|	The changes include: * Change license blobs in source files to mention GPLv3+ not GPLv2 only * Add GPLv3+ license text * Package COPYING not LICENSE as the license blobs (even the old ones) mention COPYING specifically, it is also more common, I think https://fedorahosted.org/freeipa/ticket/239
*	Catch when we fail to get a cert chain from the CA during installation	Rob Crittenden	2010-11-24	1	-1/+5
\| \| \| \| \| \|	Also don't free the XML document if it was never created. ticket 404
*	use NSS for SSL operations	John Dennis	2010-06-15	1	-6/+7
\|
*	Fix http(s)_request in dogtag. Was blowing up because of unicode strings.	Pavel Zuna	2010-03-30	1	-0/+4
\|
*	Move the HTTP/S request code to a common library	Rob Crittenden	2010-02-09	1	-1/+78
\| \| \| \| \| \| \| \|	This moves code that does HTTP and HTTPS requests into a common library that can be used by both the installer and the dogtag plugin. These functions are not generic HTTP/S clients, they are designed specifically to talk to dogtag, so use accordingly.
*	Allow replicas of an IPA server using an internal dogtag server as the CA	Rob Crittenden	2009-07-15	1	-4/+6
\| \| \| \| \| \| \| \|	This involves creating a new CA instance on the replica and using pkisilent to create a clone of the master CA. Also generally fixes IPA to work with the latest dogtag SVN tip. A lot of changes to ports and configuration have been done recently.
*	Raise an exception if the certificate chain is not returned from the CA	Rob Crittenden	2009-05-21	1	-6/+15
\|
*	Utilities for dealing with dogtag	Rob Crittenden	2009-04-24	1	-0/+41