pki.git - Unnamed repository; edit this file 'description' to name the repository.

	Commit message (Collapse)	Author	Age	Files	Lines
*	Minor fix to already fixed issue:	Jack Magne	2017-06-06	1	-5/+6
\| \| \| \|	The problem was that a tiny piece of the original patch didn't get checked in. This resolves this issue.
*	Now the program can create and import shared secret keys while under FIPS mode.	Jack Magne	2017-05-24	3	-22/+87
\|
*	Fixed pki-tools build order.	Endi S. Dewata	2016-12-18	5	-5/+5
\| \| \| \| \| \| \| \|	To help troubleshooting build issues the pki-tools build targets have been modified such that they run sequentially. This way error messages will be easier to find in the build log. https://fedorahosted.org/pki/ticket/2463
*	Added CMake target dependencies.	Endi S. Dewata	2016-07-26	1	-1/+1
\| \| \| \| \| \| \| \| \| \|	To help troubleshooting build issues, some CMake dependencies have been added to some targets even though the actual codes do not require those dependencies. This will ensure the targets are built sequentially so build failures can be found more easily at the end of the build log. https://fedorahosted.org/pki/ticket/2403
*	Fix coverity warnings for 'tkstool'	Jack Magne	2016-06-17	1	-5/+16
\| \| \| \| \| \|	Issues listed in the ticket addressed by this patch. Ticket #1199 : Fix coverity warnings for 'tkstool'.
*	Enhance tkstool for capabilities and security	Jack Magne	2016-05-12	2	-9/+13
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	The key is now generated with the flags needed to keep the data from being displayed with simple tools such as symkeyutil. As per cfu's instructions, I was able to test this with the nethsm only. I also was able to make the key des3 and everything works fine with the master key. This will help all the warnings we get about insecure des2 keys. If there is a problem with luna, we can file another ticket. Also there could be a built in tool for luna to generate keys such as is present on hsm.
*	sslget must set Host HTTP header	Christian Heimes	2015-12-15	1	-13/+10
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	The sslget tool sends a TLS SNI header. Apache doesn't like server name indication without a matching HTTP header. Requests without a Host header are refused with HTTP/1.1 400 Bad Request Hostname example.org provided via SNI, but no hostname provided in HTTP request sslget now sets a Host HTTP header for all requests. https://fedorahosted.org/pki/ticket/1704 Signed-off-by: Christian Heimes <cheimes@redhat.com>
*	Minor fix to "setpin" fix.	Jack Magne	2015-08-18	1	-1/+1
\| \| \| \| \| \| \| \| \|	The routine that sets the password of the "pinmanager" user was not working. A very simple one character fix takes care of it. Ticket # 1546 - Setpin utility doesn't set the pin for users. Checking in under the one line trivial change rule.
*	setpin utility doesn't set the pin for users.	Jack Magne	2015-08-13	2	-34/+30
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	There were some things wrong with the setpin utility. 1. There were some syntax violations that had to be dealt with or a DS with syntax checking would not be pleased. 2. The back end is expecting a byte of hash data at the beginning of the pin. In our case we are sending NO hash so we want this code at the beginning '-' 3. We also need to prepend the dn in front of the pin so the back end can verify the set pin. Tested to work during both steps of the setpin process: 1) Creating the schema, 2) creating the pin. Tested to work with actual PinBased Enrollment. 4. Fix also now supports the SHA256 hashing method only, with the sha256 being the default hash. The no hash option is supported but puts the pin in the clear.
*	Fixing upstream trac ticket 1150.	Abhishek Koneru	2014-10-09	2	-4/+8
\| \| \| \| \| \| \|	In both sslget.c and revoker.c there is an incorrect equality check which compares the output of a comparision operator with a constant(SECFailure) which has a value of -1. The fix will print the correct SECFailure or SECSuccess value for the do_writes method.
*	fix typo succesfully -> successfully	Benjamin Drung	2014-09-09	2	-2/+2
\|
*	Replace '-Wformat-security' warning with '-Werror=format-security' error	Matthew Harmsen	2013-12-18	1	-2/+2
\| \| \| \| \|	Bugzilla Bug #1037248 - pki-core FTBFS if "-Werror=format-security" flag is used Bugzilla Bug #1037249 - pki-tps FTBFS if "-Werror=format-security" flag is used
*	Fix sslget to skip link local addresses	Matthew Harmsen	2013-04-26	1	-40/+83
\| \| \| \| \|	* Bugzilla Bug #953464 - ipa-server-install crashes due to sslget error * Bugzilla Bug #859043 - ipa-server-install results in error -5987
*	Resolved Trac Ticket 367 - pkidestroy does not remove connector	Ade Lee	2013-01-15	1	-1/+5
\| \| \| \| \| \| \| \| \| \| \|	* Added RESTful servlet to add/remove a KRA connector from the CA. * Modified ACL to allow KRA subsystem user to remove connector. * Modified connector code to allow the connector to be replaced without a server restart. * Added functionality to pki CLI to add/remove connector * Added code to pkidestroy to remove the connector (using both pki CLI and sslget) When the issues with pki connection are resolved, we will use that method instead. * Modified sslget to accept HTTP return codes != 200. In this case, we were returning 204 - which is perfectly legitimate.
*	Removed unnecessary pki folder.	Endi Sukma Dewata	2012-03-26	55	-0/+24309
	Previously the source code was located inside a pki folder. This folder was created during svn migration and is no longer needed. This folder has now been removed and the contents have been moved up one level. Ticket #131