diff options
author | Christina Fu <cfu@redhat.com> | 2017-03-10 19:50:13 -0800 |
---|---|---|
committer | Christina Fu <cfu@redhat.com> | 2017-03-28 09:13:43 -0400 |
commit | 58b0563caac110e6950657eb9894c6981f179452 (patch) | |
tree | 11d7fbec8a513b85e1f11146476fc819dd7189a1 /base/ca | |
parent | 5f2d025962afa34deca93c3b46ff374376c0ea43 (diff) | |
download | pki-58b0563caac110e6950657eb9894c6981f179452.tar.gz pki-58b0563caac110e6950657eb9894c6981f179452.tar.xz pki-58b0563caac110e6950657eb9894c6981f179452.zip |
Bug 1419742: CMC RFE: provide Proof of Possession for encryption cert requests CMC encryptedPOP and decrypedPOP (Phase 1) also disable lraPOPwitness This patch implements the Proof of Possession for encryption only keys. This is a preliminary implementation with limitations. It does not support more than one request. ECC keys are untested. This version only uses default algorithms at some internal places. Not all limitations are listed here.
Diffstat (limited to 'base/ca')
-rw-r--r-- | base/ca/shared/conf/CS.cfg | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/base/ca/shared/conf/CS.cfg b/base/ca/shared/conf/CS.cfg index 2d7cb9895..e8003603b 100644 --- a/base/ca/shared/conf/CS.cfg +++ b/base/ca/shared/conf/CS.cfg @@ -731,7 +731,7 @@ ca.publish.rule.instance.LdapXCertRule.predicate= ca.publish.rule.instance.LdapXCertRule.publisher=LdapCrossCertPairPublisher ca.publish.rule.instance.LdapXCertRule.type=xcert cmc.cert.confirmRequired=false -cmc.lraPopWitness.verify.allow=true +cmc.lraPopWitness.verify.allow=false cmc.revokeCert.verify=true cmc.revokeCert.sharedSecret.class=com.netscape.cms.authentication.SharedSecret cmc.sharedSecret.class=com.netscape.cms.authentication.SharedSecret |