| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
The connectionTimeout parameter has been restored to 80 seconds.
The keepAliveTimeout parameter has been set to 5 minutes.
https://pagure.io/dogtagpki/issue/2643
Change-Id: I05bca0284ad946d833ed144e2f93a4ef4b9b6f0f
|
| |
|
|
|
|
|
|
|
| |
The default SSL connection timeout has been changed to 5 minutes
to improve PKI console usability.
https://pagure.io/dogtagpki/issue/2643
Change-Id: I905ca855285ddd655d965488b175c2d11fe407fd
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously the /pki webapp was only added if the theme was present
during installation, and there were separate webapps for /pki/admin
and /pki/js. If the theme was installed later, the /pki webapp had
to be configured manually.
To simplify the installation and to support other developments
(e.g. login banner), the /pki webapp will always be added during
installation regardless of theme, and the /pki/admin and /pki/js
webapps are merged into /pki webapp. When the theme package is
installed, it will create links in /pki webapp so the theme files
will become available without additional configuration.
An upgrade script has been added to merge the /pki webapp in
existing instances.
https://fedorahosted.org/pki/ticket/2582
|
| |
|
|
|
|
|
| |
The CMake scripts have been modified to remove redundant
invocations of find_file() to find Tomcat libraries.
https://fedorahosted.org/pki/ticket/2560
|
| |
|
|
|
|
|
|
| |
The list of source and class files in some CMake files have been
generalized to allow renaming Java packages without changing the
CMake files again.
https://fedorahosted.org/pki/ticket/6
|
| |
|
|
|
|
|
|
| |
For consistency the server.xml templates for Tomcat 7 and 8 have
been modified to use the same unsecure port used by the instance
in the default OCSP responder URL.
https://fedorahosted.org/pki/ticket/2476
|
| |
|
|
|
|
|
|
| |
Look for the right JAX-RS API JAR (it has moved in Fedora 25).
Also remove a lot of redundant 'find_file' operations for this JAR.
Fixes: https://fedorahosted.org/pki/ticket/2373
|
| |
|
|
|
| |
Here we will address this by putting a comment in the server.xml,
around the area where the ocsp settings are document.
|
| |
|
|
|
|
|
|
| |
This allows IPA to handle the case of a pure ipv6
environment in which the ipv4 loopback interface is
not available.
Ticket 1717
|
| |
|
|
|
|
|
|
| |
All methods in ProxyRealms for Tomcat 7 and 8 have been modified
to check whether the subsystem is available, then generate a proper
error message instead of null pointer exception.
https://fedorahosted.org/pki/ticket/2326
|
| |
|
|
|
|
|
| |
Ticket #1921
Trivial fix to add or up this connectionTimeout value to 80000 or 80 secs.
Fix already tested informally in the field by QE.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
server.xml contains metadata read by pkidaemon which includes URLs,
in XML comments. If the hostname contains `--', the parse fails.
Instead of XML comments, put this information in XML Processing
instructions[1], which allows double-hyphens to be used.
[1] https://www.w3.org/TR/REC-xml/#NT-PI
Fixes: https://fedorahosted.org/pki/ticket/1260
|
| |
|
|
|
|
|
|
|
| |
Two Tomcat version-specific implementations of
SSLAuthenticatorWithFallback exist, with much duplicate code.
Extract an abstract base class 'AbstractPKIAuthenticator' and
implement just the unique bits in the concrete classes.
Part of: https://fedorahosted.org/pki/ticket/1359
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes the RSA ciphers that were mistakenly turned on under ECC
section, and off under RSA section. A few adjustments have also been made
based on Bob Relyea's feedback. A new file, <instance>/conf/ciphers.info
was also created to
1. provide info on the ciphers
2. provide default rsa and ecc ciphers for admins to incorporate into earlier
instances (as migration script might not be ideal due to possible customization)
(cherry picked from commit 67c895851781d69343979cbcff138184803880ea)
|
| |
|
|
|
|
|
| |
- PKI TRAC Ticket #1443 - pkidaemon status tomcat list URLs under PKI
subsystems which are not accessible
- PKI TRAC Ticket #1518 - OCSP ee url returned by pkidaemon status tomcat
shows an error page
|
| |
|
|
|
|
| |
Ticket # 1466 .
Also remove some needless copies of server.xml from the code.
|
| |
|
|
|
| |
- PKI TRAC Ticket #1443 - pkidaemon status tomcat list URLs under PKI
subsystems which are not accessible
|
| |
|
|
|
|
|
| |
The operations script and the server.xml templates have been
modified to display TPS status in pkidaemon.
https://fedorahosted.org/pki/ticket/1278
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds some new unit files and targets for starting instances
with nuxwdog, as well as logic within the pki-server nuxwdog module to
switch to/from the old and new systemd unit files.
It also corrects some issues found in additional testing of the nuxwdog
change scripts.
To use nuxwdog to start the instance, a user needs to do the following:
1. Create an instance normally.
2. Run: pki-server instance-nuxwdog-enable <instance_name>
3. Start the instance using:
systemctl start pki-tomcatd-nuxwdog@<instance_name>.service
To revert the instance, simply do the following:
1. Run: pki-server instance-nuxwdog-disable <instance_name>
2. Start the instance using:
systemctl start pki-tomcatd@<instance_name>.service
|
| |
|
|
|
|
|
|
| |
The deployment tool has been modified to deploy the theme files
directly from /usr/share/pki. New deployment descriptors have been
added for admin templates and JS library.
https://fedorahosted.org/pki/ticket/499
|
| |
|
|
| |
Specifically changes to CS.cfg, server.xml and tomcat.conf
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is the first of several commits. This adds a LifecycleListener
to call init() on the nuxwdog client before any connectors or webapps
start up, and call sendEndInit() once initialization completes.
Code is also added to prompt for and test required passwords on startup.
All that is required to use nuxwdog is to start the server using nuxwdog.
An environment variable will be set that will trigger creation of the
NuxwdogPasswordStore. We expect tags for the required passwords to be in
cms.passwordList
|
|
|
The Dogtag code has been modified to support both Tomcat 7 and 8.
All files depending on a specific Tomcat version are now stored
in separate folders. The build scripts have been modified to use
the proper folder for the target platform. The tomcatjss
dependency has been updated as well.
The upgrade script will be added in a separate patch.
https://fedorahosted.org/pki/ticket/1264
|
