| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|
|
|
|
|
| |
1. Change to system cert verification test to allow successful return
if all certs pass
2. Change to functions to allow correct processing of tus link
|
| |
|
|
|
|
| |
recovering, wrapping unwrapping keys should be done in the token
|
| |
|
|
|
|
|
| |
* TRAC Ticket #333 - Increase audit cert renewal range to 2 years
* Bugzilla Bug #843979 - Increase audit cert renewal range to 2 years
|
| |
|
|
|
|
|
|
|
| |
This patch removes "fixed" year from time based searches for agent and EE interfaces.
It also unifies time selection between search and revocation templates.
Bug 854420.
|
|
|
|
| |
TMS ECC infrastructure (enrollment with client-side and server-side key generation, and key archival)
|
|
|
|
| |
internal db in cert status thread.
|
|
|
|
| |
internal db in cert status thread.
|
|
|
|
|
| |
* TRAC Ticket #301 - Need to modify init scripts to verify needed
symlinks in an instance (support non-default instance names)
|
| |
|
| |
|
| |
|
|
|
|
| |
This allow server to come up with DS where anon binds are turned off.
|
|
|
|
| |
'Terminated' to be formatted and reused.
|
|
|
|
| |
- symkey PK11_Derive.
|
|
|
|
|
| |
* TRAC Ticket #301 - Need to modify init scripts to verify needed
symlinks in an instance
|
|
|
|
|
|
| |
Small correction to fix for bug #819123.
Bug #819123
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
This change needs to be checked in as a patch to f17, rather than
in upstream code. Otherwise it breaks f16.
This reverts commit 868e724716512762ad780f15a10a7a4b88fb1487.
|
|
|
|
| |
TPS ECC: when TPS server acts as an ECC SSL client to CA, TKS, or DRM, it needs to support ECC ciphers
|
|
|
|
|
|
|
|
| |
generation
This patch calls with the right flags for each supported HSM to the new
certutil that addressed the following bug:
Bug 820684 - certutil support for EC on HSMs - need to call PK11_GenerateKeyPairWithOpFlags()
|
|
|
|
| |
'hybrid_rpms' rather than 'rpms'.
|
| |
|
|
|
|
|
|
| |
This patch prevents DRM connector to be overwritten by subsequent DRM installations.
Bug 804179.
|
| |
|
|
|
|
| |
TPS installation wizard: SizePanel needs to support ECC curve selection
|
|
|
|
|
|
|
|
| |
ECC support for tpsclient
two parameters are added in the config file (see enroll.tps.ec for example): slotnamefile - this points to a file that contains the slot name. The reason why the slot name goes into another file instead of the conf file is because the existing conf file uses spaces for deliminator and I don't want to change the usage (and QE's tests) by changing it to something else. tokpasswod is the tokebn password
This ECC feature requires the up-coming ECC supporting TPS to trigger. Testing of the ECC specific areas requires the availability of such ECC TPS. Without it, one can test with the old RSA method to see if it's broken.
|
|
|
|
|
|
|
| |
This patch corrects process of attaching OCSP subsystem to CA.
It improves handling of adding subsequent OCSP subsystems to CA.
Bugs: 804179 and 804176.
|
| |
|
|
|
|
|
| |
the module index to ap_log_error() when calling it. The remote_ip
member of the connection struct also was renamed to client_ip.
|
|
|
|
|
|
| |
This patch corrects certificate import for IE
Bug: 845387.
|
|
|
|
|
|
| |
This patch corrects certificate import for IE
Bug: 845387.
|
|
|
|
|
|
| |
This patch adds ECC directory enrollment profile.
Bug: 748514.
|
|
|
|
|
|
| |
This patch enables ECC enrollments for IE.
Bug: 748514.
|
|
|
|
|
|
| |
This patch eliminates CA crash caused by default Android browser.
Bug: 819123.
|
| |
|
| |
|
|
|
|
|
|
| |
This patch provides fix to OCSP agent inability of removing a CA from the List of Certificate Authorities in some circumstances.
Bug: 837124.
|
|
|
|
|
|
| |
This patch provides verification of revocation reasons and proper handling for removeFromCRLrevocation reason.
Bug: 441354.
|
|
|
|
|
|
|
| |
Ticket #373
This fix just appends a dummy value to the array, which consumes the error 53.
Patch provided by mreynolds.
|
|
|
|
|
|
| |
support ECC
This patch allows TPS administrators to enroll for EC cert during installation wizard. It follows the same implementation as the Java subsystems and defaults to nistp256
|
| |
|
|
|
|
|
| |
Added code to add the required ou=cmsusers container to cn=config
on the master if it does not exist, when replication users are set up.
|
|
|
|
| |
- The real fix is in JSS alone; This patch only adds better error handling and non-static salt.
|