pki.git/base/common/share/etc, branch master Unnamed repository; edit this file 'description' to name the repository. Enabling all subsystems on startup. 2017-05-23T19:03:20+00:00 Endi S. Dewata edewata@redhat.com 2017-05-22T20:34:58+00:00 8016ed7972d9211e7f0db14e45bc9658a7b292ef The operations script has been modified to enable all subsystems on startup by default. If the selftest fails, the subsystem will be shutdown again automatically as before. A pki.conf option has been added to configure this behavior. https://pagure.io/dogtagpki/issue/2699 Change-Id: Iaf367ba2d88d73f377662eee5eafbb99e088ae50 
The operations script has been modified to enable all subsystems
on startup by default. If the selftest fails, the subsystem will
be shutdown again automatically as before. A pki.conf option has
been added to configure this behavior.

https://pagure.io/dogtagpki/issue/2699

Change-Id: Iaf367ba2d88d73f377662eee5eafbb99e088ae50
Change CRMFPopClient to use AES-KeyWrap with padding 2017-03-24T20:37:16+00:00 Ade Lee alee@redhat.com 2017-03-23T16:40:03+00:00 874825f2d8e41b276aa3674d0cff5912dc6a55fa Also made a couple of small changes to WrappingParams. * Set the wrapIV to null when AES KeyWrap is used. Trying to unpack the PKIArchiveOptions package with this IV set to null fails. * removed superfluous this modifiers. Added a parameter KEY_WRAP_PARAMETER_SET which is set in /etc/pki/pki.conf. If this parameter is set to 0, we will use the old DES3 algorithms. This can be set by clients talking to old servers. CRMFPopClient has the ability to automatically submit requests to a CA. In this case, we shouldcontact the server and determine the version using InfoClient, and choose the algorithm accordingly. We will implement this in a separate patch. Change-Id: Ib4a99545cb59b62a96c272311595e96dda10979e 
Also made a couple of small changes to WrappingParams.
* Set the wrapIV to null when AES KeyWrap is used.  Trying to unpack
  the PKIArchiveOptions package with this IV set to null fails.
* removed superfluous this modifiers.

Added a parameter KEY_WRAP_PARAMETER_SET which is set in /etc/pki/pki.conf.
If this parameter is set to 0, we will use the old DES3 algorithms.  This
can be set by clients talking to old servers.

CRMFPopClient has the ability to automatically submit requests to
a CA.  In this case, we shouldcontact the server and determine the
version using InfoClient, and choose the algorithm accordingly.
We will implement this in a separate patch.

Change-Id: Ib4a99545cb59b62a96c272311595e96dda10979e
Added support for disabling SSL ciphers in pki.conf. 2017-03-21T03:08:57+00:00 Endi S. Dewata edewata@redhat.com 2017-03-17T18:25:07+00:00 f40e0d002e57cadd5dc254d096db52de439ed900 The CryptoUtil.setSSLCiphers() has been modified to support a "-" sign in front of the cipher name or ID to disable the cipher. 
The CryptoUtil.setSSLCiphers() has been modified to support a "-"
sign in front of the cipher name or ID to disable the cipher.
Added support for hex cipher IDs in pki.conf. 2017-03-21T03:08:49+00:00 Endi S. Dewata edewata@redhat.com 2017-03-19T19:23:23+00:00 f0bc2e5cf6bcce46d1b09ef9a0b5c497ce60a3bf The CryptoUtil.setSSLCipher() has been modified to support ciphers specified using hex ID. 
The CryptoUtil.setSSLCipher() has been modified to support ciphers
specified using hex ID.
Added pki.conf parameter for default SSL ciphers. 2017-03-19T21:43:32+00:00 Endi S. Dewata edewata@redhat.com 2017-03-19T20:47:08+00:00 de4b48b9e4523a865e74f8122e130e976b124410 A new parameter has been added to pki.conf to enable/disable the default SSL ciphers for PKI CLI. 
A new parameter has been added to pki.conf to enable/disable the
default SSL ciphers for PKI CLI.
Added pki.conf parameter for SSL ciphers. 2017-03-19T21:40:45+00:00 Endi S. Dewata edewata@redhat.com 2017-03-17T18:25:07+00:00 a0fde2d91a02c4d11b698582a2cd64a76765ed25 A new parameter has been added to pki.conf to configure the SSL ciphers used by PKI CLI in addition to the default ciphers. 
A new parameter has been added to pki.conf to configure the SSL
ciphers used by PKI CLI in addition to the default ciphers.
Added configuration parameters for SSL version ranges. 2017-03-19T18:31:21+00:00 Endi S. Dewata edewata@redhat.com 2017-03-17T18:20:30+00:00 31683301b69fda23893c80af7c34c42a75e1b906 The hard-coded SSL version ranges in PKI CLI have been converted into configurable parameters in the pki.conf. 
The hard-coded SSL version ranges in PKI CLI have been converted
into configurable parameters in the pki.conf.
Exporting environment variables for PKI client. 2017-03-16T21:58:50+00:00 Endi S. Dewata edewata@redhat.com 2017-03-16T05:22:09+00:00 51b72a348f61544a98850fcd7e5341322b899d3b The default pki.conf has been modified to export the environment variables such that they can be used by PKI client. 
The default pki.conf has been modified to export the environment
variables such that they can be used by PKI client.
Added man pages for logging configuration. 2016-11-18T05:53:37+00:00 Endi S. Dewata edewata@redhat.com 2016-11-08T15:42:01+00:00 dbff34d56615e888823c89a4a4f6d476bb1ccf17 New man pages have been added for the common and server logging configurations. https://fedorahosted.org/pki/ticket/1897 
New man pages have been added for the common and server logging
configurations.

https://fedorahosted.org/pki/ticket/1897
Updated logging.properties. 2016-11-18T01:41:31+00:00 Endi S. Dewata edewata@redhat.com 2016-11-16T23:27:58+00:00 e674bc51b4d23bc362a1312addd0b09625cf5747 To reduce maintenance the logging.properties is no longer copied into the instance folder during deployment. Instead, a link will be created in /etc/pki/<instance> pointing to the default file in /usr/share/pki/server/conf. The default logging.properties has been updated to only log messages with level WARNING or higher on the console. https://fedorahosted.org/pki/ticket/1897 
To reduce maintenance the logging.properties is no longer copied
into the instance folder during deployment. Instead, a link will
be created in /etc/pki/<instance> pointing to the default file
in /usr/share/pki/server/conf.

The default logging.properties has been updated to only log
messages with level WARNING or higher on the console.

https://fedorahosted.org/pki/ticket/1897