| Commit message | Author | Age | Files | Lines |
... | |
- PKI TRAC Ticket #1187 - mod_perl should be removed from requirements for 10.2
- PKI TRAC Ticket #1205 - Outdated selinux-policy dependency.
- Removed perl(XML::LibXML), perl-Crypt-SSLeay, and perl-Mozilla-LDAP runtime
dependencies
|
Fix now includes last review comments where we decided to consolidate 3 of the
ldif files: schema.ldif, database.ldif, and manager.ldif.
Each one of these 3 files contains the data needed for any subsystem for that file.
The subsystem specific files for these 3 go away in the source tree.
The first iteration of this fix was copying these 3 files into an undesirable directory.
This is no longer the case.
Extra code in the python installer allows one to establish a "file exclusion" callback to
keep a set of desired files from being copied when the installer does a directory copy.
All subsystems have been tested, including TPS with a brand new DS (which was the original reason for this fix),
and they appear to work fine.
Addressed further review comments:
1. Removed trailing whitespace instances from schema.ldif which had some.
2. Used pycharm to remove the few PEP violations I had previously added to the Python code.
3. Changed the format of the schema.ldif file to make all the entries use the same style.
Previously the TPS entries were using an all in one syntax. No more since now each entry is separate.
4. Changed the name of an argument in one of the new Python methods to get rid of a camelCase instance.
5. Tested everything to work as before, including basic TPS operations such as Format.
Fixed a method comment string and fixed some typos.
|
The PKCS #9 challengePassword attribute has DirectoryString syntax.
Dogtag currently attempts only to decode it as a PrintableString,
causing failures when the attribute is encoded as a UTF8String.
Add method DerValue.getDirectoryString() to decode any of the valid
DirectoryString encodings and update ChallengePassword to use it.
https://fedorahosted.org/pki/ticket/1221
|
A new optional property has been added to certificate profiles to
specify the range unit. The default range unit is 'day'. The code
has been modified to use the Calendar API to calculate the end of
validity range based on the range unit.
https://fedorahosted.org/pki/ticket/1226
|
- PKI TRAC #1211 - New release overwrites old source tarball
|
The code in ConfigurationUtils has been cleaned up and reformatted
to improve readability.
|
Previously during clone installation if the PKCS12 file contains
both expired and renewed certificates the code might incorrectly
import the expired certificate instead of the renewed one, thus
failing the installation.
The code has been fixed to validate the certificates in the PKCS12
file such that only the valid ones will be imported into the clone.
https://fedorahosted.org/pki/ticket/1093
|
Modify generate_new_cert function to comment out
the lines which add the CA signing cert and user/server
cert to Temp NSS DB
|
to have random strings generated with openssl
rand and $RANDOM.
|
The BasicConstraintsExtConstraint min/max path length validity check
ensures that the max length is greater than the min length, however,
when a negative value is used to represent "no max", the check
fails.
Only compare the min and max length if the max length is
non-negative.
Ticket #1035
|
- Ticket 1198 Bugzilla 1158410 add TLS range support to server.xml
by default (cfu)
- PKI Trac Ticket #1211 - New release overwrites old source tarball (mharmsen)
- TLS Compliance
|
- PKI Trac Ticket #1211 - New release overwrites old source tarball
|
* Bugzilla Bug #1165351 - Errata TPS test fails due to dependent packages not
found
(cherry picked from commit d7a0807b7493fc3d86900ee4aaf8199efd824907)
Conflicts:
base/java-tools/templates/pki_java_command_wrapper.in
base/java-tools/templates/pretty_print_cert_command_wrapper.in
base/java-tools/templates/pretty_print_crl_command_wrapper.in
base/server/python/pki/server/deployment/pkiparser.py
base/server/scripts/operations
(cherry picked from commit c8d73ade2c651fd5ca01226c89d5d19828bfc9b7)
|
Included files relating to bug verification
|
In pki cert-revoke, comment the SUBCA test, because
when jobs are run in parallel, this can go for a very
big loop.
|
Replace /dev/urandom for junk characters with openssl rand
and use $RANDOM for random integer values
|
The archive_encrypted_data() in KeyClient has been modified to have
a default value for the algorithm OID and to take a nonce IV object
instead of the base-64 encoded value.
https://fedorahosted.org/pki/ticket/1155
https://fedorahosted.org/pki/ticket/1156
|
The current profile inputs/outputs do not have meaningful IDs
(e.g. i1, i2, o1) and are not used by the client so they should
not be displayed in the CLI output.
In the future the IDs should be renamed into something meaningful
(e.g. keygen, sn, cert) and the inputs/outputs should be retrieved
by ID. New methods have been added to retrieve by ID.
https://fedorahosted.org/pki/ticket/1147
|
dependencies)
|
and upgrade
|
acting as client
|
We first verify if the /opt/rhqa_pki/certsdb_dir exists;
if it exists, we do not run client-init
|
--password option has been removed from pki group-add-member,
user-cert-add commands
|
install fails.
env.sh client_database_dir param included for
every CA install.
|
TLS v1.2