summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Removed unnecessary pki folder.Endi Sukma Dewata2012-03-263744-0/+0
| | | | | | | | | Previously the source code was located inside a pki folder. This folder was created during svn migration and is no longer needed. This folder has now been removed and the contents have been moved up one level. Ticket #131
* BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changesMatthew Harmsen2012-03-265-8/+8
| | | | Top-level CMakeLists.txt & script file changes for core, kra, ocsp, and tks
* BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changesAde Lee2012-03-203-6/+61
| | | | Spec file changes for tks, ocsp, kra
* BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changesAde Lee2012-03-205-7/+25
| | | | | | | | | | Tomcat6 has changed the changed the location of the TOMCAT_LOG, and it should no longer point to catalina.out. This initially caused dogtag to break because the code to chown TOMCAT_LOG to TOMCAT_USER was removed. Added code to spec file to fix existing instances. Also fixed error in spec file. Incorrect selinux patch was being applied for f17.
* Get DOGTAG_9_BRANCH GIT repository in-sync with SVN namesakeMatthew Harmsen2012-03-1216-45/+185
| | | | | | | | | | | | | Migrated the following bugs: - Bugzilla Bug #747381 - After the migration (7.1->8.1) CA agent page displays admin cert request with authtime attribute twice - Bugzilla Bug #747019 - Migrated policy requests from 7.1->8.1 displays issuedcerts and cert_Info params as base 64 blobs. - Bugzilla Bug #757848 - DRM re-key tool: introduces a blank line in the middle of an ldif entry. - Resolved Bugzilla Bug #801840 - pki_silent.template missing opening brace for ca_external variable
* Fixes to cloning and security domain tables for client auth internaldb userAde Lee2012-03-0916-209/+380
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The mechanism for getting an ldap connection to the internaldb was incorrect, both in the Security Domain Session Table and the DatabasePanel. As a result, connections to the internaldb failed for accessing the security domain session table and when trying to clone a master which connects to its database using client auth. The thread that handles reading the security domain session table is now only instantiated when running on a configured security domain master. Additionally, needed acls for the client auth certificate ldap user have been moved to manager.ldif. This includes acls to allow creation and management of replication agreements and replication users (now being created under ou=csusers, cn=config) Added logs to show when ldif import errors occur. Also made sure to write and remove master ldap password for use in replication. Ticket #5 Conflicts resolved: pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java pki/base/migrate/80/MigrateSecurityDomain.java pki/base/util/src/com/netscape/cmsutil/ldap/LDAPUtil.java
* Remove PKI desktop iconsMatthew Harmsen2012-03-0613-228/+0
| | | | Bugzilla Bug #767800 - Firefox Launcher on Panel being modified for all users.
* Option to create ECC credentials for adminAndrew Wnuk2012-03-062-1/+13
| | | | | | Configuration wizard should provide option to issue ECC credentials for admin during ECC CA configuration. Bug #784387.
* BZ 769388 - pki-silent does not properly escape command-line argumentsAde Lee2012-03-051-1/+5
|
* Remove platform specific logic from patches for mock purposes.Matthew Harmsen2012-03-021-9/+9
|
* Option to change for default algorithmsAndrew Wnuk2012-02-296-7/+43
| | | | | | RSA should be default selection for transport, storage, and audit keys till ECC is fully implemented. Bug #787806.
* Enhanced compose scripts to download patchesMatthew Harmsen2012-02-2815-60/+360
| | | | | | Added platform-dependent patches for SELinux component Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16) Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17)
* Add client auth user to default installAde Lee2012-02-236-27/+176
| | | | | | | | | | | | | | | | | | When a subsystem is configured, a user is created to facilitate communication between subsystems. This user is created on the security domain ca, and is has the subsystem certificate in its user record. This user will be reused as a user that can talk to the database using the subsystem certificate for client auth. To do this, this patch does the following: 1. If not the security domain master CA, adds this user to the subsystem, and adds the subsystem cert. 2. Adds the subsystem cert subject dn to the user's record in the seeAlso attribute 3. Adds acis for this user for the $basedn and for cn=config (for VLV searches) By default, this user and acls will be added when the system is configured. To actually use the user and client auth, more config steps are required. They will be doc'ed in https://fedorahosted.org/pki/ticket/5
* BZ 739708 Selinux fix for ephemeral portsAde Lee2012-02-232-1/+4
|
* Fixed several miscellaneous build issuesMatthew Harmsen2012-02-224-8/+32
| | | | (see https://fedorahosted.org/pki/ticket/104)
* Selinux changes to allow dogtag to start on f17.Ade Lee2012-02-222-217/+219
| | | | Addresses java_exec_t issue in BZ 795966
* Sample ECC profilesAndrew Wnuk2012-02-214-2/+275
| | | | | | This patch provides two sample ECC certificate profiles. Bug: 223358.
* ECC encryption and signing profiles (part 2)Andrew Wnuk2012-02-156-32/+83
| | | | | | This patch provides an option for certificate profiles to allow them to automatically create enrollment pages which are used to generate new signing and encryption certificate requests. Bug: 703608.
* ECC encryption and signing profilesAndrew Wnuk2012-02-152-0/+374
| | | | | | This patch provides an option for certificate profiles to allow them to automatically create enrollment pages which are used to generate new signing and encryption certificate requests. Bug: 703608.
* File signing hash fix.Andrew Wnuk2012-01-191-1/+1
| | | | | | This patch resolves issue of "Agent-Authenticated File Signing" enrollment altering some file hashes. Bug: 771768.
* Merge branch 'DOGTAG_9_BRANCH' of ssh://git.fedorahosted.org/git/pki into ↵Christina Fu2012-01-191-25/+66
|\ | | | | | | DOGTAG_9_BRANCH
| * Fix of broken build of pki-tps in git repoMatthew Harmsen2012-01-181-25/+66
| | | | | | | | | | | | | | CMakeLists.txt file was changed to account for the removal of empty directories from the source code. Bugzilla Bug #782953
* | Bug 769739 - CC: self test verifySystemCertByNickname: certain failure will ↵Christina Fu2012-01-182-11/+14
| | | | | | | | | | | | not cause server to shutdown as expected There are two issues being fixed: 1. The variable, r, returned by verifySystemCertByTag() gets overwritten by the next return value in a while loop. The problem affects both java subsystems and TPS. 2. In the TPS system, within a while loop that calls verifySystemCertByNickname(), one condition does a "continue" without advancing to the next token, causing an infinite loop under that condition. Adding a PL_strtok_r(NULL, ",", &lasts); call resolves the issue.
* | Bug 769060 - Self-tests fail at OCSP subsystem restart -- with null ↵Christina Fu2012-01-181-1/+1
|/ | | | | | CertNickName in the audit output The issue was that the parameter ocsp.cert.signing.certusage=StatusResponder was missing the "certusage" component in CS.cfg.in. Adding it fixed the problem. cert nickname is added automatically at installation/configuration.
* List paging on CA and DRMAndrew Wnuk2012-01-174-19/+28
| | | | | | | This patch resolves multiple issues related to paging on request, certificate, and key lists. It also provides consistent behavior across all lists. Bug: 768138
* Big numbers fix for CA and DRM.Andrew Wnuk2012-01-1615-96/+93
| | | | | | | This patch resolves multiple issues related to use of big numbers on CA and DRM It also provides a fix for incomplete recovery requests causing null pointer exception. Bugs: 756133, 758505.
* BZ 771357 - sslget does not work after FEDORA-2011-17400 update, breaking ↵Ade Lee2012-01-051-9/+47
| | | | | | FreeIPA install Modified sslget doIO() function to be able to handle small reads.
* This branch was created from the 'DOGTAG_9_0_FEDORA_15_16_17_20111028' tag.mharmsen2011-11-110-0/+0
| | | | git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/branches/DOGTAG_9_BRANCH@2293 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
* Bugzilla Bug #737761 - Update Dogtag Packages for Fedora 16DOGTAG_9_0_FEDORA_15_16_17_20111028mharmsen2011-10-293740-0/+808652
| | | | git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/tags/DOGTAG_9_0_FEDORA_15_16_17_20111028@2279 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
* Bugzilla Bug #737761 - Update Dogtag Packages for Fedora 16mharmsen2011-10-290-0/+0
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/tags/DOGTAG_9_0_FEDORA_15_16_17_20111028@2278 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
generated by cgit (git 2.34.1) at 2024-07-02 16:50:46 +0000