- Original Message -
> > Hi -
> >
> > My team is adding ACME 2.0 client support to the Open Liberty application
> > server and wanted to test against Dogtag PKI's ACME server. My intention is
> > to containerize the ACME server and drive it through the same functional
> > tests we run agai
- Original Message -
> Hi -
>
> My team is adding ACME 2.0 client support to the Open Liberty application
> server and wanted to test against Dogtag PKI's ACME server. My intention is
> to containerize the ACME server and drive it through the same functional
> tests we run against other AC
- Original Message -
> > Let me backtrack a little bit. Is there a plan to modify Dogtag to
> > eventually support different serial number domains? If not, this is
> > not an issue for Dogtag.
>
> There is no plan to do so. It is not an issue for Dogtag. But
> still, I feel basing certifi
- Original Message -
> > > Currently on ACMEBackend interface we have
> > >
> > > public BigInteger issueCertificate(String csr);
> > >
> > > I think this is a bit of a problem. e.g. Dogtag currently supports
> > > multiple issuers (LWCAs). It is incidental that serial numbers do
> >
- Original Message -
> Hi Endi,
>
> Just want to quickly discuss certificate IDs.
>
> Currently on ACMEBackend interface we have
>
> public BigInteger issueCertificate(String csr);
>
> I think this is a bit of a problem. e.g. Dogtag currently supports
> multiple issuers (LWCAs). It
- Original Message -
> Just want to flag something related to ACME orders and
> authorisations.
>
> In ACME authorizations can be shared by multiple orders. In fact
> you can also "preauthorize" your account for an identifier, so there
> can also be a authorizations with no orders attache
Hi,
PKI 10.6.6 is now available upstream:
https://github.com/dogtagpki/pki/releases/tag/v10.6.6
Fedora 28 builds are available via the following update:
https://bodhi.fedoraproject.org/updates/FEDORA-2018-9132d6f913
Fedora 29 builds are available in Koji.
Fedora 27 builds are available in this
Hi,
Just FYI, the JSS repository has been branched. The JSS_4_4_BRANCH
will be used for JSS 4.4.x maintenance. The master branch will be
used for JSS 4.5 development.
If you are fixing something in the 4.4 branch, please also fix it
in the master branch.
Thanks.
--
Endi S. Dewata
_
Hi,
JSS 4.4.4 is now available upstream:
https://github.com/dogtagpki/jss/releases/tag/v4.4.4
Fedora 28 builds are available via the following update:
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d069c2e1a1
Fedora Rawhide builds are available in Koji.
Fedora 27 builds are available in th
Hi,
PKI 10.6.1 is now available upstream:
https://github.com/dogtagpki/pki/releases/tag/v10.6.1
Fedora 28 builds are available via the following update:
https://bodhi.fedoraproject.org/updates/FEDORA-2018-4f684aab1a
Fedora Rawhide builds are available in Koji.
Fedora 27 builds are available in
Hi,
PKI 10.6.0 and TomcatJSS 7.3.0 has officially been released
upstream and in Fedora 28:
https://github.com/dogtagpki/pki/releases/tag/v10.6.0
https://github.com/dogtagpki/tomcatjss/releases/tag/v7.3.0
Please note that there are no changes since the last Release
Candidate.
Thanks for your con
Hi,
PKI 10.6.0 Release Candidate is now available upstream:
https://github.com/dogtagpki/pki/releases/tag/v10.6.0-rc
Fedora 28 builds are available via the following update:
https://bodhi.fedoraproject.org/updates/FEDORA-2018-5c7037b0da
Fedora Rawhide builds are available in Koji.
Fedora 27 bui
Hi,
TomcatJSS 7.3.0 Release Candidate is now available upstream:
https://github.com/dogtagpki/tomcatjss/releases/tag/v7.3.0-rc
Fedora 28 build is available via the following update:
https://bodhi.fedoraproject.org/updates/FEDORA-2018-a52fb8dd30
Fedora Rawhide build is available in Koji.
Fedora
Hi,
JSS 4.4.3 is now available upstream:
https://hg.mozilla.org/projects/jss
Fedora 28 build is available via the following update:
https://bodhi.fedoraproject.org/updates/jss-4.4.3-1.fc28
Fedora Rawhide build is available in Koji.
Fedora 27 build is available in this COPR repository:
https://c
Hi,
PKI 10.6.0 Beta 2 is now available upstream:
https://github.com/dogtagpki/pki/releases/tag/v10.6.0-beta2
Fedora 28 builds are available via the following update:
https://bodhi.fedoraproject.org/updates/FEDORA-2018-1270ede284
Fedora Rawhide builds are available in Koji.
Fedora 27 builds are
- Original Message -
> On Tue, Mar 27, 2018 at 09:52:22PM -0400, Endi Sukma Dewata wrote:
> > - Original Message -
> > > On Tue, Mar 27, 2018 at 11:16:01AM -0400, Endi Sukma Dewata wrote:
> > > > Hi,
> > > >
> > >
- Original Message -
> On Tue, Mar 27, 2018 at 11:16:01AM -0400, Endi Sukma Dewata wrote:
> > Hi,
> >
> > The Dogtag PKI Website URL has changed as follows:
> >
> > * Old URL: http://pki.fedoraproject.org
> > * New URL: http://www.dogtagpki.org
&
Hi,
The Dogtag PKI Website URL has changed as follows:
* Old URL: http://pki.fedoraproject.org
* New URL: http://www.dogtagpki.org
Please use the new URL whenever possible. The old URL should
automatically be redirected to the new URL, so all existing links
should continue to work.
Unfortunatel
Hi,
PKI 10.6.0 Beta is now available on Fedora 28 Beta via the
following update:
https://bodhi.fedoraproject.org/updates/FEDORA-2018-2fd7295cb9
Fedora Rawhide builds are available in Koji.
Fedora 27 builds are available in PKI 10.6 COPR repository
(for development only):
https://copr.fedorainfra
Hi,
In the master branch we've added a dependency on Tomcat 8.5
in Fedora 27 or later. The version number has been changed
to PKI 10.6.0-0.2 because of that.
If you have PKI 10.6.0-0.1 packages, it will not work with
Tomcat 8.5. You will need to keep using PKI 10.6.0-0.1 with
Tomcat 8.0, or upgra
- Original Message -
> Another thing I just remembered to mention: when the day rolls over
> the debug log starts going to stdout/journal(?), instead of a file
> with the new date. I have to restart the server to get it logging
> to the expected file after the day changes.
Not quite sure
Hi Fraser,
Yeah, there's a bug in the message formatter. Could you take a
look at this patch?
https://review.gerrithub.io/#/c/403387/
Here's some documentation (still work in progress):
http://pki.fedoraproject.org/wiki/PKI_10.6_Logging_Improvements
Thanks!
--
Endi S. Dewata
- Original Mes
Hi,
We have just implemented the switch to HTTP NIO connector
in the master branch:
https://github.com/dogtagpki/pki/commit/3be16204bed2bf075fbe894135ca7d59cd7b408d
See this page for explanation:
http://www.dogtagpki.org/wiki/PKI_10.6_HTTP_NIO_Connector_Support
If you have an existing PKI 10.6 (
Hi,
If you pull the latest master branch you might see these folders appearing
in your local Git repository:
tests/dogtag/dev_java_tests/bin/
base/common/python/build/
base/common/python/dist/
base/common/python/dogtag_pki.egg-info/
It is caused by .gitignore changes here:
https://github.com/do
On 5/31/2017 6:30 PM, Matthew Harmsen wrote:
The attached patch was altered to change "args" ==> "argv" rather than
"argv" ==> "args" since it was discovered that a number of the routines
utilized "args" as a local variable that would have to be changed since
if the "argv" input parameter were ch
The outcome of CERT_REQUEST_PROCESSED event has been changed to
Failure when the certificate request is rejected by an agent.
https://pagure.io/dogtagpki/issue/2693
Pushed to master under trivial rule:
https://github.com/dogtagpki/pki/commit/dcbe7ce08fcf9512a6cf1ecf22ed080c0085e28a
--
Endi S. De
Pushed to master under trivial rule.
https://github.com/dogtagpki/pki/commit/f902b0365f2cf92f14f0a814394cd025669b3ea8
--
Endi S. Dewata
___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
The IAuditor has been modified to define a log() method for
AuditEvent object.
Pushed to master under trivial rule.
https://github.com/dogtagpki/pki/commit/ba32351d7c362e6b0e313cde0929c56f3f55ec5f
--
Endi S. Dewata
___
Pki-devel mailing list
Pki-deve
The auditInfoCertValue() methods in several classes have been modified
for consistency.
Pushed to master under trivial rule.
https://github.com/dogtagpki/pki/commit/4a28ac15f5552d6594b6f6bb58af8f076ab5c46f
https://github.com/dogtagpki/pki/commit/41fcfc470c6462bc069774c74ecfe2fe09cf6ac3
https://
A new audit() methods have been added to log AuditEvents in
AdminServlet.
Pushed to master under trivial rule.
https://github.com/dogtagpki/pki/commit/17e71d3ec1f52cc2e13590499dd70c5932885b20
--
Endi S. Dewata
___
Pki-devel mailing list
Pki-devel@red
The code that concatenates lines has been simplified using
String.replace().
Pushed to master under trivial rule.
https://github.com/dogtagpki/pki/commit/6bb1757a035d3439a65aa604a19dcdf48b7b2dbc
--
Endi S. Dewata
___
Pki-devel mailing list
Pki-devel@
The code that concatenates lines has been simplified using
String.replace().
Pushed to master under trivial rule.
https://github.com/dogtagpki/pki/commit/46cc674dcb6ff09167c69391054b36bdcfb36cbb
--
Endi S. Dewata
___
Pki-devel mailing list
Pki-devel@
A new method has been added to set AuditEvent's parameters.
Pushed to master under trivial rule.
https://github.com/dogtagpki/pki/commit/7033c5208fd315e9fd1c76d1755d1f7fd2bbf17a
--
Endi S. Dewata
___
Pki-devel mailing list
Pki-devel@redhat.com
https:
Pushed to master under trivial rule.
https://github.com/dogtagpki/pki/commit/e12a9367108ca9dbdd2cc02f35f68be8d6865457
--
Endi S. Dewata
___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
The PKIServerSocketListener has been fixed to obtain the correct
client IP address from SSL socket.
https://pagure.io/dogtagpki/issue/2602
Pushed to master under trivial rule.
--
Endi S. Dewata
>From 0aebe0b9192d5c549cc3350926ecf42276dbccb0 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date:
The CMS.getLogMessage() has been generalized to take an array of
Objects instead of Strings.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From 9fa3323e017079e490a3749dfdbf5d59a08c65e9 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Wed, 12 Apr 2017 21:44:31 +0200
Subject: [PATC
New audit(AuditEvent) methods have been added alongside the
existing audit(String) methods.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From 92b68d7ab3f58ad80a545f550f0598de2c43da2c Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Thu, 13 Apr 2017 01:45:37 +0200
Subject: [PATCH
New pki-server CLI commands have been added to simplify
inspecting the audit log files on the server.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From d8081073d10065987341a6583a6a7e7351b22438 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Tue, 11 Apr 2017 18:04:41 +0200
Subje
The UserCLI and GroupCLI have been fixed to use the subsystem name
in the client configuration object if available.
https://pagure.io/dogtagpki/issue/2626
--
Endi S. Dewata
>From 0409bfa35601a0b59f75c05cf8a34aed6514fc24 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Sat, 8 Apr 2017 09:04
The MainCLI has been modified to generate a deprecation warning
for the -t option.
--
Endi S. Dewata
>From 0c8aedd8a79841751005c531cf6cfbc08a4fd4dd Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Sat, 8 Apr 2017 09:05:48 +0200
Subject: [PATCH] Deprecated -t option for pki CLI.
The MainCLI
To help troubleshooting the PKIConnection has been modified to
register an SSL socket listener which will display SSL alerts
that it has received or sent.
https://pagure.io/dogtagpki/issue/2625
Pushed to master under trivial rule.
--
Endi S. Dewata
>From 60f0adb9205d5c7d4d9294ca620530ff3df2000e
The pki_console_wrapper script has been fixed to load cascading
pki.conf properly and to set the logging configuration property.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From 10d8f53c25d8ed7907b55c247fc77e5c3900029b Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Fri, 7 Apr
The PKIServerSocketListener.alertReceived() has been fixed to
generate audit log when the SSL socket is closed by the client.
The log message has been modified to include the reason for the
termination.
https://pagure.io/dogtagpki/issue/2602
Pushed to master under trivial rule.
--
Endi S. Dewat
These patches add new pki audit commands to list, retrieve, and remove
audit log files.
https://review.gerrithub.io/355356
https://review.gerrithub.io/355357
https://review.gerrithub.io/355358
--
Endi S. Dewata
___
Pki-devel mailing list
Pki-devel@re
All subclasses of PKIService have been modified to remove the
Context attribute since they have been declared in the base class.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From 7fc7d3e8844d4992db60a637370b8599bff5a282 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Fri, 31 Ma
The AuditCLI has been modified to create the AuditClient with lazy
initialization.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From 6749f6bffe92743373d4b86bbd05e5a957e74d96 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Fri, 31 Mar 2017 18:42:56 +0200
Subject: [PATCH] Refacto
Fixed pylint errors in pki.authority and pki.server.cli.subsystem.
https://pagure.io/dogtagpki/issue/2627
Pushed to master under trivial rule.
--
Endi S. Dewata
>From 269f7d62ab3c8d13f7746fccb69cb0b305c46fb9 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Fri, 31 Mar 2017 04:48:24 +0200
The top-level CLI commands have been modified to get the subsystem
name from the parent subsystem CLI if available, otherwise they
will use a hard-coded default value.
https://pagure.io/dogtagpki/issue/2626
Pushed to master under trivial rule.
--
Endi S. Dewata
>From 1d3216aece7381cbac7b812dfbb
Some constants in RollingLogFile have been replaced with their
equivalents in Constants class.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From 8d60caa44803915c153e1919ccaf08b166d38190 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Wed, 29 Mar 2017 03:36:39 +0200
Subject: [P
Additional changes to remove unnecessary CLI connection using lazy
initialization.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From a6b64e4f45348011885f268db92beab0d563ff22 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Fri, 24 Mar 2017 03:42:55 +0100
Subject: [PATCH] Refact
The CMSStartServlet has been modified to register an SSL socket
listener called PKIServerSocketListener to TomcatJSS.
The PKIServerSocketListener will receive the alerts generated by
SSL server sockets and generate ACCESS_SESSION_* audit logs.
The CS.cfg for all subsystems have been modified to
Additional changes to remove unnecessary CLI connection using lazy
initialization.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From 043aa471f9e243faad58917e9e055affdb694c79 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Fri, 24 Mar 2017 02:02:51 +0100
Subject: [PATCH] Refact
Previously the CLI would unnecessarily try to connect to the server
while executing commands that do not need connection. The problem has
been fixed using lazy initialization of the PKIClient object.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From 4ebdb9417cdda4edd231f7864a934e560
The CryptoUtil.setSSLCiphers() has been modified to support a "-"
sign in front of the cipher name or ID to disable the cipher.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From 8ba95a89a7de733c5319f575e80621faa2b45e90 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Fri, 17 Mar
The CryptoUtil.setSSLCipher() has been modified to support ciphers
specified using hex ID.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From bc6ad11480c4d5185cf70334b4cbc03e3a1cff61 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Sun, 19 Mar 2017 20:23:23 +0100
Subject: [PATCH]
The pki client-init has been modified to support creating NSS
database without password.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From 4c6a98d79a02fd0bf6e5da56835e8dd0ce2e7485 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Mon, 20 Mar 2017 01:21:34 +0100
Subject: [PATCH] A
The PKI CLI has been modified to support client cert authentication
without NSS database password.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From 516e9360f96721bdbd0301b12120c9d47225e5e4 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Tue, 21 Mar 2017 02:46:12 +0100
Subject:
The pki.nssdb module has been modified to support operations
without NSS database password.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From 2c4beb83a1dd772e02f5809e610319fcf1812034 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Mon, 20 Mar 2017 01:28:05 +0100
Subject: [PATCH
The PKI CLI has been modified to use hard-coded default values
in case the pki.conf is not available (e.g. in Eclipse).
ACKed by alee. Pushed to master.
--
Endi S. Dewata
>From cf611311181c3006009a3ae0ad19a39244028bd2 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Mon, 20 Mar 2017 17:03:
A new parameter has been added to pki.conf to configure the SSL
ciphers used by PKI CLI in addition to the default ciphers.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From a0fde2d91a02c4d11b698582a2cd64a76765ed25 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Fri, 17 Mar 201
A new parameter has been added to pki.conf to enable/disable the
default SSL ciphers for PKI CLI.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From de4b48b9e4523a865e74f8122e130e976b124410 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Sun, 19 Mar 2017 21:47:08 +0100
Subject:
The CryptoUtil.unsetSSLCiphers() has been modified not to ignore
exceptions.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From cdffde5b5449db804e98ccac624cdc5eeab29dce Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Sun, 19 Mar 2017 19:52:51 +0100
Subject: [PATCH] Fixed error h
The code that converts cipher name into cipher ID and enables
the cipher in CryptoUtil.setClientCiphers() has been moved into
a separate method.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From af7be30e164b1aebbb0e6eaf1fbfc6b9fb46360e Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
The CryptoUtil.setClientCiphers() has been modified to throw
an exception on unsupported cipher.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From 035f37b6416e9b001ff49e06142751b974835a9b Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Sun, 19 Mar 2017 20:08:50 +0100
Subject: [
The setClientCiphers() in CryptoUtil has been renamed to
setDefaultSSLCiphers() for clarity.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From a168db3f36584a6a576daa91c993d18c134835fe Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Sun, 19 Mar 2017 18:44:06 +0100
Subject: [PATC
The hard-coded SSL version ranges in PKI CLI have been converted
into configurable parameters in the pki.conf.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From 31683301b69fda23893c80af7c34c42a75e1b906 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Fri, 17 Mar 2017 19:20:30 +0
The PKI CLI has been modified such that it initializes the
PKIClient (and retrieves the access banner) only if the CLI
needs to access the PKI server.
https://pagure.io/dogtagpki/issue/2612
Pushed to master under trivial rule.
--
Endi S. Dewata
>From 6bcb89b55db870766ddcf09002a5997b323bd196 Mon
The CryptoUtil.setClientCiphers(String) has been reformatted to
simplify future refactoring.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From 2b9f9b7ef9e936dc5dc7ecc7bcc4c2fd8236dd1f Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Sat, 18 Mar 2017 03:33:10 +0100
Subject: [PATC
To prevent conflicts, the code that configures the default SSL
version ranges and ciphers for all SSL sockets created afterwards
has been moved out of PKIConnection into the main program (i.e.
PKI CLI).
Pushed to master under trivial rule.
--
Endi S. Dewata
>From d06e291b25087dfd4cd70e6f97e2c0f4
The PKI CLI has been modified to create a default NSS database
without a password if there is no existing database at the
expected location.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From 8b85ace2a2761c8451a11b4df8f142bd291cd6d4 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date
The Eclipse .classpath file has been modified to include
tomcat-coyote.jar to avoid build problem.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From 686303c3b71f9c929face7c0f947cf7563e9da68 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Fri, 17 Mar 2017 06:41:44 +0100
Subject:
The CryptoUtil.setClientCiphers() has been reformatted to simplify
future refactoring.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From a234e993409fa5c26c92b9ede970e94c9dc932d9 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Fri, 17 Mar 2017 05:11:42 +0100
Subject: [PATCH] Cle
The duplicate code for configuring default SSL version ranges has
been merged into reusable methods in CryptoUtil.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From 4d6e6d05d5270a0e81ae12e2583cae9c49667c88 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Fri, 17 Mar 2017 02:01:2
The default pki.conf has been modified to export the environment
variables such that they can be used by PKI client.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From f2c3331176be82317cd5401b8b69d8adef18b188 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Thu, 16 Mar 2017 06:22
The PKI CLI has been modified to support cascading configuration
files: default, system-wide, and user-specific configuration.
The existing Python-based PKI CLI was moved into pki.cli.main
module. A new shell script was added as a replacement which will
read the configuration files and invoke the
The ClientCertValidateCLI has been modified to display the NSS
error code and error message for invalid certificates.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From 3253d852eb50d30f30a37800f0cf16898a038b6c Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Mon, 13 Mar 2017 21:4
A new constructor has been added into EInvalidCredentials to
support exception chaining.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From 806d5ed6cc2e16c5d5ad06530d06a98b4ee68bb1 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Wed, 15 Mar 2017 18:41:52 +0100
Subject: [PATCH] A
The code that loads the password.conf in PKIInstance.load() has
been converted into a general purpose load_properties() method.
A corresponding store_properties() method has been added as well.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From 7810a55d0b967ff5355312e952fc4c7314a45f35
On 2/24/2017 12:12 PM, Endi Sukma Dewata wrote:
The PKI CLI has been modified to retrieve access banner from
the server and ask for user confirmation at the beginning of the
program. An --ignore-banner option was added to allow bypassing
the banner for automation.
https://fedorahosted.org/pki
The PKI CLI has been modified to retrieve access banner from
the server and ask for user confirmation at the beginning of the
program. An --ignore-banner option was added to allow bypassing
the banner for automation.
https://fedorahosted.org/pki/ticket/2582
--
Endi S. Dewata
>From 49caa70185e1de
On 2/23/2017 8:01 PM, Endi Sukma Dewata wrote:
The PKI console has been modified to retrieve access banner from
the server and ask for user confirmation at the beginning of the
program.
https://fedorahosted.org/pki/ticket/2582
Discussed the mechanism with cfu, which is similar to the one used
On 2/23/2017 8:01 PM, Endi Sukma Dewata wrote:
All pages in TPS UI have been modified to retrieve access banner
and display it once at the beginning of the SSL connection.
https://fedorahosted.org/pki/ticket/2582
Similar changes to patch #958. Pushed to master.
--
Endi S. Dewata
On 2/23/2017 7:54 PM, Endi Sukma Dewata wrote:
All pages in TKS UI have been modified to retrieve access banner
and display it once at the beginning of the SSL connection.
https://fedorahosted.org/pki/ticket/2582
Similar changes to patch #958. Pushed to master.
--
Endi S. Dewata
On 2/23/2017 7:54 PM, Endi Sukma Dewata wrote:
All pages in OCSP UI have been modified to retrieve access banner
and display it once at the beginning of the SSL connection.
https://fedorahosted.org/pki/ticket/2582
Similar changes to patch #958. Pushed to master.
--
Endi S. Dewata
On 2/23/2017 7:54 PM, Endi Sukma Dewata wrote:
All pages in KRA UI have been modified to retrieve access banner
and display it once at the beginning of the SSL connection.
https://fedorahosted.org/pki/ticket/2582
Similar changes to patch #958. Pushed to master.
--
Endi S. Dewata
The PKI console has been modified to retrieve access banner from
the server and ask for user confirmation at the beginning of the
program.
https://fedorahosted.org/pki/ticket/2582
--
Endi S. Dewata
>From d4385d04056ef9e5a7aa2b82a81a92ab1e8e1c7f Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Da
All pages in TPS UI have been modified to retrieve access banner
and display it once at the beginning of the SSL connection.
https://fedorahosted.org/pki/ticket/2582
--
Endi S. Dewata
>From 31651b18fc06234db91478069374c4a2b01a79c9 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Tue, 21 Fe
All pages in TKS UI have been modified to retrieve access banner
and display it once at the beginning of the SSL connection.
https://fedorahosted.org/pki/ticket/2582
--
Endi S. Dewata
>From 51af5527ed411a47dc89bf6985e3a4a1a2d876af Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Tue, 21 Fe
All pages in KRA UI have been modified to retrieve access banner
and display it once at the beginning of the SSL connection.
https://fedorahosted.org/pki/ticket/2582
--
Endi S. Dewata
>From 4545ec0f74953833069f962b600e47a241774f2c Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Tue, 21 Fe
All pages in OCSP UI have been modified to retrieve access banner
and display it once at the beginning of the SSL connection.
https://fedorahosted.org/pki/ticket/2582
--
Endi S. Dewata
>From ff03705118b644a6c731739b24846f3274a095d2 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Tue, 21 F
On 2/22/2017 1:57 PM, Endi Sukma Dewata wrote:
All pages in CA UI have been modified to retrieve access banner
and display it once at the beginning of the SSL connection.
https://fedorahosted.org/pki/ticket/2582
ACKed by cfu. Pushed to master.
--
Endi S. Dewata
On 2/23/2017 3:47 PM, Endi Sukma Dewata wrote:
On 2/22/2017 1:57 PM, Endi Sukma Dewata wrote:
A new InfoService class has been added to PKIApplication to
provide public information about the server including version
number and access banner.
https://fedorahosted.org/pki/ticket/2582
New patch
On 2/23/2017 4:54 PM, Christina Fu wrote:
I only have time to play with it. So this review is not based on code
reading. I was able to trigger a session timeout and the banner appears
again as expected. So from that point of view, as long as the patches
don't break existing banner-ignorant clie
On 2/22/2017 1:57 PM, Endi Sukma Dewata wrote:
A new PKIApplication class has been added into /pki web application
to define common PKI REST services such as access banner.
https://fedorahosted.org/pki/ticket/2582
Pushed an updated patch to master under trivial rule.
--
Endi S. Dewata
>F
On 2/22/2017 1:57 PM, Endi Sukma Dewata wrote:
The PKI UI main page has been modified to retrieve access banner
and display it once at the beginning of the SSL connection.
https://fedorahosted.org/pki/ticket/2582
New patch #957-1 attached. It's now using the two REST services added in
On 2/22/2017 1:57 PM, Endi Sukma Dewata wrote:
A new InfoService class has been added to PKIApplication to
provide public information about the server including version
number and access banner.
https://fedorahosted.org/pki/ticket/2582
New patch #956-1 attached. It's now adding two
The CMake create_symlink commands do not work on RHEL if the
source does not exist yet, so they have been replaced with regular
ln commands.
Pushed to master under trivial rule.
--
Endi S. Dewata
>From f5293bac716a11721ab601ff027ce141230fd501 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date
The PKI UI main page has been modified to retrieve access banner
and display it once at the beginning of the SSL connection.
https://fedorahosted.org/pki/ticket/2582
--
Endi S. Dewata
>From d0b86cbad1ed259a1c59fe72a3f0334197521059 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Tue, 21 Fe
A new InfoService class has been added to PKIApplication to
provide public information about the server including version
number and access banner.
https://fedorahosted.org/pki/ticket/2582
--
Endi S. Dewata
>From 69aaed340190d08cdba81037867a76d72f37c4aa Mon Sep 17 00:00:00 2001
From: "Endi S. De
A new PKIApplication class has been added into /pki web application
to define common PKI REST services such as access banner.
https://fedorahosted.org/pki/ticket/2582
--
Endi S. Dewata
>From 0aaf981af04e7f27bd444e8614b256bc37644e8a Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Wed, 15 F
1 - 100 of 567 matches
Mail list logo