freeipa.git - FreeIPA project

	Commit message (Collapse)	Author	Age	Files	Lines
*	enable proxy for dogtag	Adam Young	2011-08-29	1	-1/+14
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Dogtag is going to be proxied through httpd. To make this work, it has to support renegotiation of the SSL connection. This patch enables renegotiate in the nss configuration file during during apache configuration, as well as modifies libnss to set the appropriate optins on the ssl connection in order to renegotiate. The IPA install uses the internal ports instead of proxying through httpd since httpd is not set up yet. IPA needs to Request the certificate through a port that uses authentication. On the Dogtag side, they provide an additional mapping for this: /ca/eeca/ca as opposed tp /ca/ee/ca just for this purpose. https://fedorahosted.org/freeipa/ticket/1334 add flag to pkicreate in order to enable using proxy. add the proxy file in /etc/http/conf.d/ Signed-off-by: Simo Sorce <ssorce@redhat.com>
*	Remove unused classes.	Jan Cholasta	2011-04-20	1	-23/+0
\| \| \| \| \|	Removed NSPRConnection and NSPRHTTP from ipapython.nsslib, as they are not used anywhere in FreeIPA.
*	Removed wrong timeout parameter	Sylvain Baubeau	2011-03-18	1	-1/+1
\| \| \| \| \| \|	https://fedorahosted.org/freeipa/ticket/1086 Add Sylvain Baubeau to Contributors.txt
*	Make nsslib IPv6 aware	Jakub Hrozek	2011-02-21	1	-16/+92
\|
*	Fix NSS initialization errors during ipa-replica-prepare	Rob Crittenden	2011-02-18	1	-5/+1
\| \| \| \| \| \| \| \| \| \| \|	When enabling replication we make an SSL connection. I think the way this goes is python-ldap -> openldap -> NSS. It may be a problem in the openldap SSL client, maybe it isn't calling NSS_Shutdown(). In any case if we use ldapi instead the problem goes away. Back out the temporary code to ignore nss_shutdown errors. ticket 965
*	Fix two problems with ipa-replica-prepare	Rob Crittenden	2011-02-14	1	-1/+5
\| \| \| \| \| \| \| \| \| \| \|	1. Fix a unicode() problem creating the DNS entries 2. Fix a strange NSS error when generating the certificates against a dogtag server. The NSS errors are quite strange. When generating the first certificate nss_shutdown() fails because the database isn't initialized yet but nss_is_initialized() returned True. The second pass fails because something is in use.
*	Change FreeIPA license to GPLv3+	Jakub Hrozek	2010-12-20	1	-5/+5
\| \| \| \| \| \| \| \| \| \|	The changes include: * Change license blobs in source files to mention GPLv3+ not GPLv2 only * Add GPLv3+ license text * Package COPYING not LICENSE as the license blobs (even the old ones) mention COPYING specifically, it is also more common, I think https://fedorahosted.org/freeipa/ticket/239
*	Changes to fix compatibility with Fedora 14	Rob Crittenden	2010-08-31	1	-2/+9
\| \| \| \| \| \| \| \| \| \| \| \|	Fedora 14 introduced the following incompatiblities: - the kerberos binaries moved from /usr/kerberos/[s]/bin to /usr/[s]bin - the xmlrpclib in Python 2.7 is not fully backwards compatible to 2.6 Also, when moving the installed host service principals: - don't assume that krbticketflags is set - allow multiple values for krbextradata ticket 155
*	Add support for client failover to the ipa command-line.	Rob Crittenden	2010-08-16	1	-0/+14
\| \| \| \| \| \| \| \| \| \| \| \|	This adds a new global option to the ipa command, -f/--no-fallback. If this is included then just the server configured in /etc/ipa/default.conf is used. Otherwise that is tried first then all servers in DNS with the ldap SRV record are tried. Create a new Local() Command class for local-only commands. The help command is one of these. It shouldn't need a remote connection to execute. ticket #15
*	Drop our own PKCS#10 ASN.1 decoder and use the one from python-nss	Rob Crittenden	2010-07-29	1	-0/+4
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This patch: - bumps up the minimum version of python-nss - will initialize NSS with nodb if a CSR is loaded and it isn't already init'd - will shutdown NSS if initialized in the RPC subsystem so we use right db - updated and added a few more tests Relying more on NSS introduces a bit of a problem. For NSS to work you need to have initialized a database (either a real one or no_db). But once you've initialized one and want to use another you have to close down the first one. I've added some code to nsslib.py to do just that. This could potentially have some bad side-effects at some point, it works ok now.
*	Clean up crypto code, take advantage of new nss-python capabilities	Rob Crittenden	2010-07-15	1	-1/+0
\| \| \| \| \| \| \| \|	This patch does the following: - drops our in-tree x509v3 parser to use the python-nss one - return more information on certificates - make an API change, renaming cert-get to cert-show - Drop a lot of duplicated code
*	use NSS for SSL operations	John Dennis	2010-06-15	1	-68/+160
\|
*	Require current versions of python-nss & python-lxml	John Dennis	2009-11-23	1	-1/+1
\| \| \| \| \| \|	ipa.spec.in \| 3 ++- ipapython/nsslib.py \| 2 +- 2 files changed, 3 insertions(+), 2 deletions(-)
*	Clean up some problems discovered with pylint and pychecker	Rob Crittenden	2009-08-12	1	-1/+0
\| \| \| \| \|	Much of this is formatting to make pylint happy but it also fixes some real bugs.
*	Add a local implementation of httplib.SSLFile and httplib.FakeSocket	rcrit	2009-07-01	1	-2/+9
\| \| \| \| \| \| \|	Python 2.6 changed its internal implementation which makes it difficult to override in a way that is backwards compatible. 508953
*	Implement an installer for the Dogtag certificate system.	Rob Crittenden	2009-04-03	1	-0/+150
	The CA is currently not automatically installed. You have to pass in the --ca flag to install it. What works: - installation - unistallation - cert/ra plugins can issue and retrieve server certs What doesn't work: - self-signed CA is still created and issues Apache and DS certs - dogtag and python-nss not in rpm requires - requires that CS be in the "pre" install state from pkicreate