pki.git/base/native-tools, branch branch-10.2.7-dev1 Unnamed repository; edit this file 'description' to name the repository. sslget must set Host HTTP header 2015-12-15T22:59:40+00:00 Christian Heimes cheimes@redhat.com 2015-11-25T19:42:17+00:00 d895ca41472112a3ef07486419d4580f6c9d0983 The sslget tool sends a TLS SNI header. Apache doesn't like server name indication without a matching HTTP header. Requests without a Host header are refused with HTTP/1.1 400 Bad Request Hostname example.org provided via SNI, but no hostname provided in HTTP request sslget now sets a Host HTTP header for all requests. https://fedorahosted.org/pki/ticket/1704 Signed-off-by: Christian Heimes <cheimes@redhat.com> (cherry picked from commit 73f5e33c945d865a88b47491b73553ba8ecf2f53) 
The sslget tool sends a TLS SNI header. Apache doesn't like server name
indication without a matching HTTP header. Requests without a Host
header are refused with

HTTP/1.1 400 Bad Request
Hostname example.org provided via SNI, but no hostname provided in HTTP request

sslget now sets a Host HTTP header for all requests.

https://fedorahosted.org/pki/ticket/1704

Signed-off-by: Christian Heimes <cheimes@redhat.com>
(cherry picked from commit 73f5e33c945d865a88b47491b73553ba8ecf2f53)
Minor fix to "setpin" fix. 2015-08-19T22:57:24+00:00 Jack Magne jmagne@localhost.localdomain 2015-08-18T23:50:50+00:00 bcf2c5677ea4ca1afd10ea9e00dc2b692a57d18b The routine that sets the password of the "pinmanager" user was not working. A very simple one character fix takes care of it. Ticket # 1546 - Setpin utility doesn't set the pin for users. Checking in under the one line trivial change rule. (cherry picked from commit 6260a6d20c113343dd04cdbed999865ebc1650c9) 
The routine that sets the password of the "pinmanager" user was
not working. A very simple one character fix takes care of it.

Ticket # 1546 - Setpin utility doesn't set the pin for users.

Checking in under the one line trivial change rule.

(cherry picked from commit 6260a6d20c113343dd04cdbed999865ebc1650c9)
setpin utility doesn't set the pin for users. 2015-08-14T18:00:53+00:00 Jack Magne jmagne@localhost.localdomain 2015-08-12T01:26:04+00:00 4743a86beb48b81edc90d8e35ebbebfa414faea2 There were some things wrong with the setpin utility. 1. There were some syntax violations that had to be dealt with or a DS with syntax checking would not be pleased. 2. The back end is expecting a byte of hash data at the beginning of the pin. In our case we are sending NO hash so we want this code at the beginning '-' 3. We also need to prepend the dn in front of the pin so the back end can verify the set pin. Tested to work during both steps of the setpin process: 1) Creating the schema, 2) creating the pin. Tested to work with actual PinBased Enrollment. 4. Fix also now supports the SHA256 hashing method only, with the sha256 being the default hash. The no hash option is supported but puts the pin in the clear. (cherry picked from commit f60846e025ff5492e8c05ccf525fe8df1b59bba6) 
There were some things wrong with the setpin utility.

1. There were some syntax violations that had to be dealt with or a DS with syntax checking
would not be pleased.

2. The back end is expecting a byte of hash data at the beginning of the pin.
In our case we are sending NO hash so we want this code at the beginning '-'

3. We also need to prepend the dn in front of the pin so the back end can verify the set pin.

Tested to work during both steps of the setpin process: 1) Creating the schema, 2) creating the pin.
Tested to work with actual PinBased Enrollment.

4. Fix also now supports the SHA256 hashing method only, with the sha256 being the default hash.
The no hash option is supported but puts the pin in the clear.

(cherry picked from commit f60846e025ff5492e8c05ccf525fe8df1b59bba6)
Fixing upstream trac ticket 1150. 2014-10-09T19:03:06+00:00 Abhishek Koneru akoneru@redhat.com 2014-10-07T18:52:53+00:00 72bad14bb14e16455874fd8c38913a7ccca407e2 In both sslget.c and revoker.c there is an incorrect equality check which compares the output of a comparision operator with a constant(SECFailure) which has a value of -1. The fix will print the correct SECFailure or SECSuccess value for the do_writes method. 
In both sslget.c and revoker.c there is an incorrect equality
check which compares the output of a comparision operator with
a constant(SECFailure) which has a value of -1. The fix will print
the correct SECFailure or SECSuccess value for the do_writes method.
fix typo succesfully -> successfully 2014-09-09T18:42:29+00:00 Benjamin Drung benjamin.drung@profitbricks.com 2014-09-09T16:55:41+00:00 f2f6421c3e50613401a47c2fe10c8666eaa5165c 






Replace '-Wformat-security' warning with '-Werror=format-security' error
2013-12-19T01:33:14+00:00

Matthew Harmsen
mharmsen@redhat.com

2013-12-16T23:17:57+00:00

3b7705f419782ea712577a5b06aa3f161f42b9c2

Bugzilla Bug #1037248 - pki-core FTBFS if "-Werror=format-security" flag is used
Bugzilla Bug #1037249 - pki-tps FTBFS if "-Werror=format-security" flag is used





Bugzilla Bug #1037248 - pki-core FTBFS if "-Werror=format-security" flag is used
Bugzilla Bug #1037249 - pki-tps FTBFS if "-Werror=format-security" flag is used







Fix sslget to skip link local addresses
2013-04-26T10:09:20+00:00

Matthew Harmsen
mharmsen@redhat.com

2013-04-26T09:43:51+00:00

7ca438db07efb122bc93efd0471be7a2be34b663

* Bugzilla Bug #953464 - ipa-server-install crashes due to sslget error
* Bugzilla Bug #859043 - ipa-server-install results in error -5987





* Bugzilla Bug #953464 - ipa-server-install crashes due to sslget error
* Bugzilla Bug #859043 - ipa-server-install results in error -5987







Resolved Trac Ticket 367 - pkidestroy does not remove connector
2013-01-15T14:28:38+00:00

Ade Lee
alee@redhat.com

2012-12-20T22:38:13+00:00

1cceecafb8050ec362a9c9568d36d52d3fe4117e

* Added RESTful servlet to add/remove a KRA connector from the CA.
* Modified ACL to allow KRA subsystem user to remove connector.
* Modified connector code to allow the connector to be replaced without a server restart.
* Added functionality to pki CLI to add/remove connector
* Added code to pkidestroy to remove the connector (using both pki CLI and sslget)
  When the issues with pki connection are resolved, we will use that method instead.
* Modified sslget to accept HTTP return codes != 200.  In this case, we were returning
  204 - which is perfectly legitimate.





* Added RESTful servlet to add/remove a KRA connector from the CA.
* Modified ACL to allow KRA subsystem user to remove connector.
* Modified connector code to allow the connector to be replaced without a server restart.
* Added functionality to pki CLI to add/remove connector
* Added code to pkidestroy to remove the connector (using both pki CLI and sslget)
  When the issues with pki connection are resolved, we will use that method instead.
* Modified sslget to accept HTTP return codes != 200.  In this case, we were returning
  204 - which is perfectly legitimate.







Removed unnecessary pki folder.
2012-03-26T16:43:54+00:00

Endi Sukma Dewata
edewata@redhat.com

2012-03-24T07:27:47+00:00

621d9e5c413e561293d7484b93882d985b3fe15f

Previously the source code was located inside a pki folder.
This folder was created during svn migration and is no longer
needed. This folder has now been removed and the contents have
been moved up one level.

Ticket #131





Previously the source code was located inside a pki folder.
This folder was created during svn migration and is no longer
needed. This folder has now been removed and the contents have
been moved up one level.

Ticket #131