dogtag-pki (10.10.2-3)
[PTS] [DDPO]
NEW: VCS has unreleased changes: 10.10.5-1 > 10.10.2-3
- Git: https://salsa.debian.org/freeipa-team/dogtag-pki.git
-
- Branch: master
- Path: debian/changelog
- Browser: https://salsa.debian.org/freeipa-team/dogtag-pki
- Last scan: 2021-07-26 02:44:06+00
- Next scan: 2021-07-31 13:47:00+00
- CI pipeline status: success
- Debian changelog in Git:
dogtag-pki (10.10.5-1) UNRELEASED; urgency=medium
* New upstream release.
-- Timo Aaltonen <tjaalton@debian.org> Thu, 28 Jan 2021 13:06:45 +0200
- This branch is 96 commits ahead of tag debian/10.10.2-1
- Git log:
commit 86fb1f0b45aeeaf5b504ce30e682da28764d5961
Author: Timo Aaltonen <tjaalton@debian.org>
Date: Fri Mar 5 16:44:16 2021 +0200
bump the version
commit 639e59e357cdaec61586f19a7b23f08702fcc982
Merge: d6ddc1746 5b5ddd5d7
Author: Timo Aaltonen <tjaalton@debian.org>
Date: Fri Mar 5 16:43:54 2021 +0200
Merge branch 'upstream'
commit 5b5ddd5d736fd719cc94a159af392fff91a734c7
Author: Endi S. Dewata <edewata@redhat.com>
Date: Tue Feb 23 09:15:40 2021 -0600
Update version number to 10.10.5
commit d9e8b3ed798f0671904d1db61eead1b5e5741bb5
Author: Endi S. Dewata <edewata@redhat.com>
Date: Wed Feb 17 09:12:14 2021 -0600
Update doc for installing PostgreSQL JDBC driver
commit 445b3816ab916275629af5b6f6537e98e65b23cf
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu Feb 18 21:20:44 2021 +0000
Bump jackson-databind from 2.10.1 to 2.10.5.1
Bumps [jackson-databind](https://github.com/FasterXML/jackson) from 2.10.1 to 2.10.5.1.
- [Release notes](https://github.com/FasterXML/jackson/releases)
- [Commits](https://github.com/FasterXML/jackson/commits)
Signed-off-by: dependabot[bot] <support@github.com>
commit 21735b429228bef5e4d56ad154685d4942e9fe25
Author: jmagne <jmagne@redhat.com>
Date: Mon Feb 22 13:44:20 2021 -0800
pkispawn fails against 389-ds 1.4.3.19 #3458 (#3465)
Add suggested patch from stanislavlevin to solve this issue.
Also add f34 to the ipa tests,this time really add the tests.
Upon further review, back out of f34 tests until the infractructure
supports it.
Also hardcode tomcat app setting in spec file for the moment to
avoid possible glitches on certain platform.
Co-authored-by: Jack Magne <jmagne@localhost.localdomain>
commit 16e6338a63af330620908724a61cb813f2f88886
Author: Christina Fu <cfu@redhat.com>
Date: Mon Feb 22 09:41:26 2021 -0800
userOAEP erronously enabled in ServerKeygenUserKeyDefault.java
This patch fixes an error in ServerKeygenUserKeyDefault.java where
userOAEP is erronously enabled regardless of the CS.cfg config setting
for keyWrap.useOAEP
commit bea5ea36b00689b6932bd61dcf824eac9ebed184
Author: Endi S. Dewata <edewata@redhat.com>
Date: Thu Feb 18 13:52:11 2021 -0600
Fix COPR repo for TPS cloning test
commit 758b64889ad81231fe44242aa6baaf9523403f96
Author: Endi S. Dewata <edewata@redhat.com>
Date: Wed Feb 17 10:34:33 2021 -0600
Add --no-ntp in IPA tests
NTP is not necessary for testing IPA in containers
so it has been disabled.
commit 19326dddca75cec72e239dedd65ec48ac8fd9a2f
Author: Endi S. Dewata <edewata@redhat.com>
Date: Mon Feb 15 14:12:21 2021 -0600
Add test for tpsclient
The TPS test has been modified to verify token format and
token enrollment operations using tpsclient.
commit a36739aca0460d7b0502653c4c715d613376db12
Author: Endi S. Dewata <edewata@redhat.com>
Date: Tue Feb 16 09:25:44 2021 -0600
Add pki <subsystem>-deploy/undeploy
The ACMEDeployCLI and ACMEUndeployCLI have been converted
into generic SubsystemDeployCLI and SubsystemUndeployCLI
that can be used by all subsystems.
commit a01d3bad7807de3949d008d1f6b3724cf06473f7
Author: Endi S. Dewata <edewata@redhat.com>
Date: Tue Feb 16 09:25:42 2021 -0600
Fix exception message in PKIServer.webapp_undeploy()
commit 22ab633b355c2465456e2e4080449d85c775dbc1
Author: Endi S. Dewata <edewata@redhat.com>
Date: Thu Feb 11 16:06:28 2021 -0600
Clean up tools tests
commit 7ae88d5ba7918bf01dd6d5deee6109129456a77d
Author: Alexander Scheel <ascheel@redhat.com>
Date: Mon Feb 8 09:35:01 2021 -0500
Add OAEP support to pki client-cert-request
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
commit 25e0dc007d0533f219fcdb16eb2be8562ffff562
Author: Alexander Scheel <ascheel@redhat.com>
Date: Thu Feb 4 16:44:59 2021 -0500
Make CryptoUtil respect FIPS Status
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
commit c10d9655ffe87487477de6d04fe3f9a029c7c475
Author: Alexander Scheel <ascheel@redhat.com>
Date: Thu Feb 4 11:15:01 2021 -0500
Add RSA-OAEP support to SecurityDataProcessor
org.mozilla.jss.netscape.security.util.WrappingParams in JSS has an
shortcoming that it believes all RSA is RSA-PKCS1v1.5 and additionally,
that anything that isn't a EC key is RSA. :-)
Read the value of keyWrap.useOAEP to determine whether to override the
secret key wrapping algorithm with OAEP, prior to using and storing the
wrapping parameters.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
commit 1a8de83c3c6ca0e60396c2a7e13ff9a960fe9748
Author: Endi S. Dewata <edewata@redhat.com>
Date: Thu Feb 4 14:03:21 2021 -0600
Add ACME indexes for DS
Currently ACME indexes are defined in the CA's index.ldif so
when the CA is created the ACME indexes will be created as
well in the same DS backend. However, if later the ACME is
installed on a different DS backend, the ACME indexes need to
be created in that backend instead.
To simplify the installation process a new index.ldif has been
added to define the ACME indexes for DS. A new indextask.ldif
has been added as well to reindex an existing database.
In the future the ACME indexes may be removed from the CA's
index.ldif.
https://bugzilla.redhat.com/show_bug.cgi?id=1916686
commit 6ee1f01dff4818d3149f89c2e1c0d9f49c2ad8cd
Author: Endi S. Dewata <edewata@redhat.com>
Date: Thu Feb 4 12:17:36 2021 -0600
Add SessionAuthentication for acmeServerCert
The acmeServerCert profile has been modified to use
SessionAuthentication instead of manual agent approval
to improve ACME cert enrollment performance.
https://bugzilla.redhat.com/show_bug.cgi?id=1916686
commit 2856e5a7d902f0b93997724eab3ac3fc06ea6552
Author: Endi S. Dewata <edewata@redhat.com>
Date: Thu Feb 4 12:17:34 2021 -0600
Fix PKIClient usage in PKIIssuer
The PKIIssuer has been modified to close PKIClient objects
explicitly using try-with-resources to avoid excessive open
connections.
https://bugzilla.redhat.com/show_bug.cgi?id=1916686
commit 042e2b704d27924590b86d776fae19b4eb65fa19
Author: Endi S. Dewata <edewata@redhat.com>
Date: Mon Feb 8 14:09:22 2021 -0600
Move FixChallengePasswordClassPath.py
The FixChallengePasswordClassPath.py upgrade script has
been moved into base/server/upgrade/10.10.4 folder.
https://bugzilla.redhat.com/show_bug.cgi?id=1664435
commit b2cec1cb2fdf4dd622b405aaf4079baffe94e544
Author: Endi S. Dewata <edewata@redhat.com>
Date: Mon Feb 8 13:02:04 2021 -0600
Update version number to 10.10.4
commit 7ee9c4357aa0c4637b0320ade17dd71ef9a5941e
Author: Endi S. Dewata <edewata@redhat.com>
Date: Tue Feb 2 10:24:39 2021 -0600
Add test for installing TPS clone
commit a88a97bad4a0d65bfcae4d64f0c4d2759e585483
Author: Endi S. Dewata <edewata@redhat.com>
Date: Tue Feb 2 10:23:07 2021 -0600
Fix TPS clone installation
The TPS clone installation has been fixed by adding
the GetConfigEntries servlet into TPS's web.xml.
Resolves: https://github.com/dogtagpki/pki/issues/1841
commit a72d8d146ed0b71fe1ed6282e2af99f2c81e3f24
Author: Endi S. Dewata <edewata@redhat.com>
Date: Wed Feb 3 13:17:53 2021 -0600
Add doc for ACME performance test
commit beb615b704f07b383ca8b69656af67a53a9eaf2d
Author: Endi S. Dewata <edewata@redhat.com>
Date: Wed Feb 3 13:14:55 2021 -0600
Add doc for CA performance test
commit a3fa35e30a8bc5b06806f6a228e8d27a9bc68962
Author: Endi S. Dewata <edewata@redhat.com>
Date: Wed Feb 3 13:52:56 2021 -0600
Add performance tests scripts into pki-tests
commit 8d2835c68c85a29647be9991d4669c6b1b738d64
Author: Endi S. Dewata <edewata@redhat.com>
Date: Wed Feb 3 11:48:27 2021 -0600
Update log messages in test_acme_cert_enrollment.py
The test_acme_cert_enrollment.py has been modified to provide
a --verbose and a --debug options to show the test progress and
some debugging information.
commit 0475ff1b7cba84bee767077292c4159c53b41226
Author: Endi S. Dewata <edewata@redhat.com>
Date: Wed Feb 3 11:36:37 2021 -0600
Add default values for test_acme_cert_enrollment.py parameters
The parameters for test_acme_cert_enrollment.py have been
modified to provide a default value to make it easier to use.
commit 5bad7101120c668eba6f3b40875c41f02bf007d3
Author: Endi S. Dewata <edewata@redhat.com>
Date: Wed Feb 3 12:36:38 2021 -0600
Fix calculation in test_acme_cert_enrollment.py
The test_acme_cert_enrollment.py has been modified to use
float instead of int when calculating the elapsed time for
better accuracy.
commit 507af7bdeda181ca4b523d0e46c9b747108ee932
Author: Endi S. Dewata <edewata@redhat.com>
Date: Wed Feb 3 11:29:32 2021 -0600
Update log messages in test_cert_enrollment.py
The test_cert_enrollment.py has been modified to provide
a --verbose and a --debug options to show the test progress
and some debugging information.
commit c57a03911d9651cdc7844a3ace1e9b40b0657dca
Author: Endi S. Dewata <edewata@redhat.com>
Date: Wed Feb 3 11:17:41 2021 -0600
Add default values for test_cert_enrollment.py parameters
Some parameters for test_cert_enrollment.py have been modified
to provide a default value to make it easier to use.
commit 91f25b906f4f07e275d8bf8fdc1da8de93cc1410
Author: Endi S. Dewata <edewata@redhat.com>
Date: Wed Feb 3 11:18:06 2021 -0600
Fix calculation in test_cert_enrollment.py
The test_cert_enrollment.py has been modified to use float
instead of int when calculating the elapsed time for better
accuracy.
commit 877751b91858600cc504145b46ed4ffbc08c60eb
Author: Endi S. Dewata <edewata@redhat.com>
Date: Tue Feb 2 10:20:43 2021 -0600
Add pki securitydomain-join --install-token option
commit 26b29c389669abb2e9b4b6d645a2f71765970090
Author: Endi S. Dewata <edewata@redhat.com>
Date: Tue Feb 2 10:20:37 2021 -0600
Add pki <subsystem>-config-export --install-token option
commit 5ec94e61789b32913a93d3f178bc54a20b71556e
Author: Endi S. Dewata <edewata@redhat.com>
Date: Tue Feb 2 10:20:30 2021 -0600
Add pki <subsystem>-range-request --install-token option
commit 0fc92476add5398205d737a618af4bb210cef026
Author: Endi S. Dewata <edewata@redhat.com>
Date: Mon Feb 1 16:48:16 2021 -0600
Update KRA clone doc
commit 8913e3158bbf14c2db06dafcd1003818ab74e2af
Author: Endi S. Dewata <edewata@redhat.com>
Date: Mon Feb 1 16:48:14 2021 -0600
Update CA clone doc
commit 0b5620b6e16e6eccc433169a5bf1da6a55f33a3c
Author: Endi S. Dewata <edewata@redhat.com>
Date: Mon Feb 1 16:20:54 2021 -0600
Fix COPR repo for ACME test
commit 6d7aa2b34f90a1a219270c70f0d6c09e3257da4c
Author: Endi S. Dewata <edewata@redhat.com>
Date: Mon Feb 1 09:56:30 2021 -0600
Add test for installing TKS clone of clone
commit 09177132c206342ed05adfb3416b1209a405d9c9
Author: Endi S. Dewata <edewata@redhat.com>
Date: Mon Feb 1 10:54:54 2021 -0600
Add test for installing OCSP clone of clone
commit 5987987466e989d9aa457a881f69476cdd3434dd
Author: Endi S. Dewata <edewata@redhat.com>
Date: Mon Feb 1 09:56:28 2021 -0600
Add test for installing OCSP clone
commit 514741c27930659e27dfdc49cf93698b37c3602d
Author: Endi S. Dewata <edewata@redhat.com>
Date: Mon Feb 1 09:56:15 2021 -0600
Fixed error handling during replica setup
Originally the LDAPConfigurator.createReplicaObject() would
return true if it managed to add a new replica object. If the
object already existed, it would only add the new replica bind
DN and return false. If an error happened it would get ignored
and the method would return false as well.
In 4abfdc77508545fb90ef127fbbf373ae1609d705 the behavior of
accidentally got changed return true if the replica object
already exists and this caused OCSP and TKS clone of clone
installation to fail.
To fix the problem the behavior has been reverted except that
now any error will be reported as an exception.
https://bugzilla.redhat.com/show_bug.cgi?id=1912418
commit a52e4b5c8df2492da2ca999bf1166df08d16d4a9
Author: Endi S. Dewata <edewata@redhat.com>
Date: Thu Jan 21 17:40:00 2021 -0600
Add ACME server switchover test
commit 9900c46dd8a65defc8492e67c57b1684b2d0481c
Author: Endi S. Dewata <edewata@redhat.com>
Date: Fri Jan 15 11:27:08 2021 -0600
Add ACME base URL parameter
By default the ACME directory will return ACME service URLs
with the same hostname that the client uses to access the
directory. If the hostname is load-balanced, the client might
get redirected to different servers, which could trigger other
issues.
A new parameter has been added into engine.conf to override
the base URL of ACME services. This mechanism can be used to
pin the client to the current server.
commit 705aa5e82a451d237a1f49bba5086dd9c92be8db
Author: Endi S. Dewata <edewata@redhat.com>
Date: Fri Jan 29 19:08:00 2021 -0600
Clean up KRA test
commit f86773ab81db822a396e203cea90be1add18ecb2
Author: Endi S. Dewata <edewata@redhat.com>
Date: Fri Jan 29 19:36:09 2021 -0600
Clean up CA test
commit bd83211d4965e71c1d76d84ba22a929929d6ffaa
Author: Endi S. Dewata <edewata@redhat.com>
Date: Fri Jan 29 14:23:41 2021 -0600
Add test for installing KRA clone of clone
commit 02a375dec1404584877a321b5d5965ba510750ed
Author: Endi S. Dewata <edewata@redhat.com>
Date: Fri Jan 29 13:54:16 2021 -0600
Add test for installing CA clone of clone
commit c61c5ee6ab25d15ba59cf422361c18c13264beb2
Author: Endi S. Dewata <edewata@redhat.com>
Date: Fri Jan 29 13:25:16 2021 -0600
Fix clone of clone installation
In commit e0b249636e2ea24d3d0633e65bf1d6e0a3dbd35f the
CMSEngine.configurePorts() invocation was moved later
during server startup process. It's not clear how, but
apparently the cert number range assignment depends on
this code so it failed when installing a clone of an
existing clone.
To fix the problem the invocation has been moved back
into its original position.
Resolves: https://github.com/dogtagpki/pki/issues/3330
commit 22897930148b86743883950af1c16cb999da5fa4
Author: Endi S. Dewata <edewata@redhat.com>
Date: Fri Jan 29 18:00:33 2021 -0600
Fix COPR repo for TKS test
commit 6fbbbf90e9521967959a4737ae5cc9c605cc3a09
Author: Endi S. Dewata <edewata@redhat.com>
Date: Wed Jan 20 13:20:09 2021 -0600
Add test for installing TKS clone
commit d6ddc17460b058ebfca02e0b828db721d4e9689d
Author: Timo Aaltonen <tjaalton@debian.org>
Date: Thu Jan 28 13:10:34 2021 +0200
bump the version
commit cacd0353e0304662b03efd92de5427fa00ca8096
Merge: c8191cc9f 6e3ad8768
Author: Timo Aaltonen <tjaalton@debian.org>
Date: Thu Jan 28 13:05:36 2021 +0200
Merge branch 'upstream'
commit 5f40860218aad64838bb4dc063653c7939499b12
Author: Endi S. Dewata <edewata@redhat.com>
Date: Wed Jan 27 10:20:42 2021 -0600
Update release number to 10.10.3-4
commit 6e3ad8768fa855416a1ba402ee5aab47956192c5
Author: Alexander Scheel <ascheel@redhat.com>
Date: Thu Jan 14 10:20:43 2021 -0500
Remove additional lines from CRMFPopClient usage
Resolves: rh-bz#1584550
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
commit eff1d9cdc7d98300591a2a2b84b12978dd643966
Author: root <root@pki1.example.com>
Date: Wed Dec 9 21:28:20 2020 -0500
Modify PKI to use RSA-OAEP wrapping alg for RSA keys.
This first cut is a simple reworking any instances of
RSA wrapping in the code to use RSA-OAEP.
Code tested to work in software. Using an hsm, several
issues occur with respect to wrapping using AES sym keys
to wrap and unwrap RSA private keys.
This first attempt is to get the basic code out for review.
Subsequently, we can refine some of this code to allow things
to work better with the hardware hsm.
Make oeap configurable.
commit 3005be0e88ad5897b4dc7e95d71c286201f3f687
Author: Endi S. Dewata <edewata@redhat.com>
Date: Thu Jan 14 09:29:23 2021 -0600
Update version number to 10.10.3
commit 895ab300c38445015c9ac136718ca3f690b0455d
Author: Endi S. Dewata <edewata@redhat.com>
Date: Wed Jan 13 16:48:24 2021 -0600
Clean up IPA clone test
commit e05be3b83af483e2decbcf7de6493ecdb8a9358e
Author: Endi S. Dewata <edewata@redhat.com>
Date: Wed Jan 13 14:59:32 2021 -0600
Clean up KRA clone test
commit ef0f79dab0709f41e837a2e9657ad9d978881bb6
Author: Endi S. Dewata <edewata@redhat.com>
Date: Wed Jan 13 14:59:21 2021 -0600
Clean up CA clone test
commit 0d6b3207c2847bb04b24ab4b02949e4067cbbcdd
Author: Endi S. Dewata <edewata@redhat.com>
Date: Wed Jan 13 16:25:49 2021 -0600
Fix COPR repository for PKI 10.10
commit 11156292ebf806326c811ecb21563d10661ca1dd
Author: Endi S. Dewata <edewata@redhat.com>
Date: Mon Jan 4 09:32:35 2021 -0600
Add test for installing KRA clone
commit 3e81e61b7be42a317cb8619a9c6a4d79c0413da1
Author: Endi S. Dewata <edewata@redhat.com>
Date: Thu Jan 7 18:27:38 2021 -0600
Add test for installing ACME
commit 2cbf67157a6789f018c2db80cb5976511d173a06
Author: Endi S. Dewata <edewata@redhat.com>
Date: Tue Jan 5 16:03:59 2021 -0600
Add test for installing OCSP with external certs
commit 155ac655ac6afa7199a0dd14198ce2093f2d4e12
Author: Endi S. Dewata <edewata@redhat.com>
Date: Thu Dec 17 12:38:51 2020 -0600
Add test for PKI NSS CLI with and without HSM
commit 8e39e0eb7dda420b9efcf97855230d55ca56ea74
Author: Endi S. Dewata <edewata@redhat.com>
Date: Thu Dec 17 12:38:50 2020 -0600
Add HSM support for pki nss-cert-import
commit fd3e0d8e52805b2f49dde58c402c14cbc0da6bf7
Author: Endi S. Dewata <edewata@redhat.com>
Date: Thu Dec 17 12:38:49 2020 -0600
Add HSM support for pki nss-cert-issue
commit 062df9fb8c647801cf78ed9ac333e936ad88eebf
Author: Endi S. Dewata <edewata@redhat.com>
Date: Thu Dec 17 12:38:48 2020 -0600
Add HSM support for pki nss-cert-request
commit 567aa651dd73d3a6b42d6ba9317be9e4b670798f
Author: Endi S. Dewata <edewata@redhat.com>
Date: Thu Jan 7 19:52:06 2021 -0600
Clean up CA clone test
commit 62ebb7025b95164cb8864fc2109165313446860a
Author: Alexander Scheel <ascheel@redhat.com>
Date: Thu Jan 7 11:37:28 2021 -0500
Fix usage for CMCResponse -d
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
commit ef8ee5f9dd2db0458be5b6372dba05322aae3912
Author: Alexander Scheel <ascheel@redhat.com>
Date: Thu Jan 7 11:31:26 2021 -0500
Update usage for CRMFPopClient -y option
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
commit da395ab90da75fbdb5fa16ec213b13030cd3f954
Author: Endi S. Dewata <edewata@redhat.com>
Date: Wed Jan 6 21:40:29 2021 -0600
Fix COPR repository for PKI 10.10
commit 387f99685eb63949f20fa21d1dc9b59e9ced709d
Author: Endi S. Dewata <edewata@redhat.com>
Date: Wed Jan 6 13:50:50 2021 -0600
Fix KRA/OCSP installation with external certs on HSM
Previously pkispawn did not update serverCertNick.conf during
KRA or OCSP installation with external certs or standalone
installation. If the SSL server cert was stored in HSM the file
would not have the token name so the installation would fail.
To fix the problem the deployment scriptlet has been modified
to store the SSL server cert nickname and token name in
serverCertNick.conf in all installation cases.
https://bugzilla.redhat.com/show_bug.cgi?id=1890639
commit 337d8a95dec25361f3c9fde8f7875c3f47f7a97c
Author: Endi S. Dewata <edewata@redhat.com>
Date: Wed Jan 6 17:29:02 2021 -0600
Disable GPG check in CI
The GPG check has been disabled due to the following issue
during build dependency installation on F32:
Package libuv-1.40.0-1.fc32.x86_64.rpm is not signed
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED
commit 49207adfbe350a325a05bf7c773de54c10f0b170
Author: Endi S. Dewata <edewata@redhat.com>
Date: Tue Jan 5 17:21:03 2021 -0600
Fix preop.ca.pkcs7 for external and standalone installations
commit 0459b00dedb6d6feed936524cb9a2741eb903b02
Author: Endi S. Dewata <edewata@redhat.com>
Date: Tue Jan 5 10:42:46 2021 -0600
Add test for installing IPA clone
commit 4382948e978a4ee465b7e9564226e18f9a7746d4
Author: Endi S. Dewata <edewata@redhat.com>
Date: Tue Dec 15 08:44:45 2020 -0600
Add test for installing KRA with external certs
commit 57c5318fdba87f7f24511730462358ec065bdc01
Author: Endi S. Dewata <edewata@redhat.com>
Date: Tue Dec 15 08:44:43 2020 -0600
Add cert extension configs for KRA certs
commit 1f70a0ac5fda9055bdbcc2348243e755fae9d21d
Author: Endi S. Dewata <edewata@redhat.com>
Date: Tue Dec 15 08:44:42 2020 -0600
Add support for emailProtection extended key usage in pki nss-cert
commit c9d46c06784f5c84f39185169fe96cf7f0280cef
Author: Endi S. Dewata <edewata@redhat.com>
Date: Tue Dec 15 12:16:47 2020 -0600
Fix issuing CA configuration during installation
The configuration.py has been modified to store the issuing CA
parameters in all cases except when installing CA with external
certs and standalone KRA/OCSP. This is necessary to fix KRA
installation with external certs.
commit a20ba28d1afd019d12a224ac01001fd29fe59116
Author: Endi S. Dewata <edewata@redhat.com>
Date: Mon Jan 4 15:47:49 2021 -0600
Clean up ipa-tests.yml
commit d75d0152b5217be428bf20bb10e1b858b5e13f74
Author: Endi S. Dewata <edewata@redhat.com>
Date: Mon Jan 4 10:07:17 2021 -0600
Disable ipa-healtcheck test
The ipa-healthcheck has been failing due to this issue:
https://github.com/freeipa/freeipa-healthcheck/issues/163
The ipa-healthcheck test has temporarily been disabled to
allow other IPA tests to pass.
commit b0298def61ca81532254da1f2d70d4f33681210b
Author: Endi S. Dewata <edewata@redhat.com>
Date: Thu Dec 17 09:46:21 2020 -0600
Fix python3-pki dependency
The python3-pki package has been modified to depend on
python3-ldap since it is needed by pki Python module.
commit c2b2267669518343ad401761712d089c38a5529f
Author: Endi S. Dewata <edewata@redhat.com>
Date: Wed Dec 16 08:54:13 2020 -0600
Clean up CI tests
commit ea3c907c9b2975772b7672934ac89fefb724d2f7
Author: Endi S. Dewata <edewata@redhat.com>
Date: Tue Dec 8 14:49:43 2020 -0600
Add test for installing CA with existing certs
commit a0883837abe40cd339fa648110595aad069851c1
Author: Endi S. Dewata <edewata@redhat.com>
Date: Tue Dec 8 14:49:41 2020 -0600
Add cert extension configs for CA certs
commit 924d2d045589bd53ef22e1180b46ad28aad8fc7e
Author: Endi S. Dewata <edewata@redhat.com>
Date: Wed Dec 9 16:18:06 2020 -0600
Add --serial parameter for pki nss-cert-issue
The pki nss-cert-issue has been modified to provide an
optional parameter to specify a serial number for the
new certificate.
commit b88185e7abe76a0c565c8119e8a3dbec85600efd
Author: Endi S. Dewata <edewata@redhat.com>
Date: Tue Dec 8 14:49:39 2020 -0600
Add support for ocspResponder extended key usage in pki nss-cert
commit deb2eb8c74cc272cb01a6070a4d53bfdb9785d41
Author: Endi S. Dewata <edewata@redhat.com>
Date: Tue Dec 8 14:49:40 2020 -0600
Add support for OCSPNoCheckExtension in pki nss-cert
The NSSDatabase and NSSExtensionGenerator have been modified
to support OCSPNoCheckExtension such that pki nss-cert commands
can generate requests and certificates with this extension.
commit cc5840a74217845f98150ba57d588a5e9cfaf3dc
Author: Endi S. Dewata <edewata@redhat.com>
Date: Wed Dec 9 10:38:32 2020 -0600
Refactor NSSDatabase.addExtensions()
The NSSDatabase.addExtensions() has been modified to take
a temporary directory to store files containing the data
for the new extension being added.
commit a2b9a4b49e40ee8afa1d1da51075fc38a8241143
Author: Pritam Singh <prisingh@redhat.com>
Date: Mon Jan 4 21:18:34 2021 +0530
Added_boolean_fix_for_fips_check
Signed-off-by: Pritam Singh <prisingh@redhat.com>
commit 3c894354dd949c93382ac123b392c80e058983dc
Author: Christina Fu <cfu@redhat.com>
Date: Wed Dec 16 18:53:31 2020 -0800
Bug1664435-SCEP ChallengePassword Class not found
This patch, together with the fix for "Bug1908541 jss broke SCEP - missing PasswordChallenge class", addresses the issue where the class PasswordChallenge cannot be loaded due to Class Loader differences.
jss is installed in the common CL (/usr/share/pki/server/common/lib/jss4.jar)
the servlet classes are in webapp CL (/usr/share/pki/server/webapps/pki/WEB-INF/lib/pki-cms.jar)
In addition, this patch adds the upgrade sscript for the new path of ChallengePassword class which has been moved from pki into JSS.
fixes https://bugzilla.redhat.com/show_bug.cgi?id=1664435
commit aa34aaf4994becaae4c2c71e32cb8705a025d697
Author: Endi S. Dewata <edewata@redhat.com>
Date: Wed Dec 16 08:54:14 2020 -0600
Revert SystemCertClient changes
The commit c25b438024e4a0f3b6e91e359bd0aa34c25ea4e9 broke
IPA vault, so it has been reverted. The test for installing
KRA on a separate instance has been modified to disable the
healthcheck test.
commit dee48bdaf4f799e917a2e25bb7994db8fb32ffaf
Author: Endi S. Dewata <edewata@redhat.com>
Date: Mon Dec 14 14:35:41 2020 -0600
Add test for installing KRA on separate instance
commit 7c2b99b8d51ac59ca735c1c8ef215d50a4b56593
Author: Endi S. Dewata <edewata@redhat.com>
Date: Mon Dec 14 14:35:40 2020 -0600
Fix SystemCertClient creation
The calls to SystemCertClient constructor have been modified
to provide the subsystem name. This is required to run the
healthcheck tool on a KRA installed separately from the CA.
commit a40cfac8dac30c59458b8f78f44ec4f8dc29a26d
Author: Endi S. Dewata <edewata@redhat.com>
Date: Wed Dec 9 16:18:32 2020 -0600
Fix CA install doc
