<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<h3>
Timo Aaltonen pushed to branch master-next
at <a href="https://salsa.debian.org/freeipa-team/dogtag-pki">FreeIPA packaging / dogtag-pki</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a589107d8362bed238f3cdf1662914665b705c0b">a589107d</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-05-28T08:15:17+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: log in CAClient when submitting certificate request
It is possible to use a lower-privileged RA account to issue
certificates, if the target profile is set up to allow it.
Therefore log in the user before submitting the certificate request.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bd23745577a65c3f39ed1262a0e1f5ef80ffdb5f">bd237455</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-05-28T08:15:17+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: PKIIssuer: handle immediate issuance
Depending on profile configuration and user privileges, the cert
could be immediately issued. Furthermore the user may not have
agent permissions to review/approve a request, but a profile
configuration could allow immediate issuance for particular
users/groups.
Therefore we must detect when the certificate was immediately issued
and if so, skip the review/approve behaviour.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a88a0b0767a3e2f5bcb1714eca6f17551129f16f">a88a0b07</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-05-28T09:20:05+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">rules: Fix java version in pki.conf.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/26c607eb40654015e87cac24e00cb2b3c169a946">26c607eb</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-05-28T20:01:41-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add OCSP connectivity healthcheck
This patch adds a new OCSP connectivity check. This check
tries to hit the API enpoint: /ocsp/admin/ocsp/getStatus
However, note that this only checks for whether the OCSP subsystem
is running and doesn't actually try to fetch any data from LDAP.
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/675c2dedafa45cfe47653ec0594bd5a58fe3fc33">675c2ded</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-05-28T20:01:41-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add new healthcheck for TKS connectivity
This patch checks if the TKS is up and running by trying to
hit the REST api enpoint: /tks/admin/tks/getStatus
Note that healthcheck does not perform any operation that
involves LDAP. It just checks if the subsystem is up and running
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/26a0be84ba257513f3fef11ebae86cd66080c598">26a0be84</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-05-28T20:01:41-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add new healthcheck to test TPS connectivity
This patch adds a new healthcheck to test the connectivity
of TPS subsystem by trying to hit the endpoint: /tps/admin/tps/getStatus
Note that this healthcheck does not perform any operations involving
LDAP. It just checks if the TPS subsystem itself is up and running
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ae8f5129653fd3d500e18f7a5afb069ab0dd7913">ae8f5129</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-05-29T14:00:18+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: ACMEEngineConfigFileSource: restart file watching on error
Vi(m) file write on the watched file caused an exception due to bad
permissions. I'm not sure if this is due to behaviour of vi(m), or
something more fundamental. Whatever the reason, it was an ordinary
administrator action so we must gracefully handle the situation.
A naïve approach is simply to delay a moment before reading the
file. A 1000ms sleep seems to do the trick. For robustness, we
also restart file watching if an exception occurs, with exponential
backoff, and attempting to read the file again each time before
reconfiguring the watch service.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9543570959ddcd63532f6cd357586c2f4b91d971">95435709</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2020-05-29T16:10:49-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug 1805541 [RFE] CA Certificate Transparency with Embedded Signed Certificate Time stamp
This patch adds additionl work to the prototype code checked in:
commit fca6d89dcd2b9e6592879c85a2f2278ed1a28e2f
It
- added support for multiple CT log for createSCTextension
- got one of the two verification methods working in verifySCT
https://bugzilla.redhat.com/show_bug.cgi?id=1805541
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0b6ccf3c5867de791742a25a05c17174a41cf9a9">0b6ccf3c</a></strong>
<div>
<span>by jmagne</span>
<i>at 2020-05-29T16:29:51-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Address Bug 1710109 - add RSA PSS support. (#416)
Upstream portion of pki part of RSA-PSS signing algorithm support. (#356)
This fix conincides with another ticket providing RSA PSS signature support for JSS,
which is required for this to work.
This is designed for simple usage. If one wants to say create a CA or KRA with RSA PSS signature
support, simply place the following line in the pkispawn script file:
pki_use_pss_rsa_signing_algorithm=True
This will instruct the process to take whatever signing algorithm of the form (
SHAxxxwithRSA signing algorithms are specified and promote them to the corresponding
PSS algorithm such as: SHS256withRSA/PSS.
If one ONLY puts that value in the script file, all the algs, which have a default of
SHA256withRSA will be promoted to SHA256withRSA/PSS.
This fix also provides support , if desired, for SHA384, and SHA512 versions of PSS.
In order to get this to work, the pkispawn config will have to explcitly enumerate
each applicable signing algorithm as such ex: pki_ca_signing_signing_algorithm=SHA384withRSA.
Also the explicit alg of say SHA384withRSA/PSS can be used for each setting.
Tested with a basic CA and KRA. Also tested with a non PSS CA and a no PSS ca with ECC so far.
The goal is to not interfere with any existing functionality if PSS support is not desired.
Added fix to the CMCRespone tool.
The tool currently does not initialize the CryptoManager.
Doing so is necessary to register the JSS Provider which provides the
encoding / parsing support for the RSAPSS algorithm parameters.
Co-authored-by: Jack Magne <jmagne@test.host.com>
Co-authored-by: Jack Magne <jmagne@localhost.localdomain>
Co-authored-by: Jack Magne <jmagne@test.host.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/333b9c4fd08d09a6b7940c128d7d0362f7537cca">333b9c4f</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-01T13:04:48-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Move pylint from buildtime to a separate CI job
This patch moves python code linting from RPM build
to a separate CI job.
Note that this new job runs on INSTALLED python files due to
lack of setuptools [1].
[1] https://pagure.io/dogtagpki/issue/3175
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e84ffda9387df40ac90c0db8832abb4c91198bcf">e84ffda9</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-01T13:04:48-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Package lint script into pki-tests package
This patch adds the pki-lint script to pki-tests package.
This patch also improves the pki-lint script to accept
custom config files to execute pylint and flake8 linters.
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d900dc214a06c2d88306399a3b437ff669b5dffb">d900dc21</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2020-06-01T18:04:04-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug 1805541 added comments and error handling for [RFE] CA Certificate Transparency with Embedded Signed Certificate Time stamp
This patch mostly simply adds some comments and error handlings for CT.
verifySCT signature size is hardcoded to SHA256withEC for now (will be
improved on later)
https://bugzilla.redhat.com/show_bug.cgi?id=1805541
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7b2baf5741b03cc3051c1ee47702c5cd574b7b53">7b2baf57</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-06-02T10:18:03+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop pki-server upgrade from postinst, and drop --validate option from the systemd service as it's gone.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/82964212e9e154e2cd9c0d3c5baf657cd8165a91">82964212</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-06-03T15:24:29+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">acme: handle file rename in ACMEEngineConfigFileSource
Renames are not handled as ENTRY_MODIFY but rather as a pair of
ENTRY_DELETE and ENTRY_CREATE events. Update the file watching to
process ENTRY_CREATE events so the modify-by-rename scenario is
handled.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/34c85d390d5016f00e06b0d179e17eaf03490e71">34c85d39</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-06-04T14:47:22+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">spec: set Requires among pki RPMs to depend on same release
Currently the Requires depends only on pki-foo = %{version}.
This can result in problems where, e.g. a package that depends on
'pki-ca = 10.9.0-0.1.TIMESTAMP.DIGEST' ends up with Dogtag packages
from mismatched builds (same version, different %{release}).
Update the spec file to ensure that Dogtag RPMs that depend on other
Dogtag RPMs depend on the exact same build.
Note that prior to 4966ebf0759a0d9f5de54e9f731393a14ef4558f, all
intra-spec dependencies were pegged to the %{release}. This was
removed because of problems caused by some packages being built in
different modules. Removing /all/ such pegging was going a bit too
far. So among packages we know will be built in the same module it
is OK to add the %{release} back into the Requires directives.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/45d3c46c3846e30325e9f46cf923ef101010d6dc">45d3c46c</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-04T13:29:58-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Rename registry names in setup.py to allow additional plugins
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8a386dee525f25aa1ed3f8da824fe09115693ad9">8a386dee</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-04T13:29:58-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add healthcheck to check CA System Cert trust flag
This patch:
- adds a new healthcheck to check the Trust flag
present in CA's nssdb
- Adds a reusable method to get trust flags of system
certs from NSSDB or HSM
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8d108d98fe82dd5e8e85b871b81a6f48639752a2">8d108d98</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-04T13:29:58-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add healthcheck to check KRA's system cert trust flags
This patch adds a new healthcheck to test the System Cert
trust flag of all KRA's system certificates.
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8093b4d26da0df700badaa752b365940ecf3e9d4">8093b4d2</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-04T13:55:46-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed NPE in PostgreSQLDatabase.close()
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/794f85ab02c275a49e35f463182b6c24483f5c95">794f85ab</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-04T13:55:46-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added ACMEIssuerConfig.getParameterNames(parent)
The ACMEIssuerConfig.getParameterNames(parent) has been
added to return the relative names of the parameters under
the specified parent parameter.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/df2548ef1d460712b9a5c1ee701c2afd0f604b80">df2548ef</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-04T13:55:46-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reorganized ACME docs
The doc that describes ACME issuer configuration has been
moved into Configuring_ACME_Issuer.md.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5220c4015182b57ecf5eb617146ee75422501aab">5220c401</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-04T16:16:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add new healthcheck for OCSP system cert trust flag
This patch adds a OCSP healthcheck to test whether the trust flag
of its system certs match the expected value
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3e3394615964606df8fa3a1611100b4139163e8a">3e339461</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-04T16:16:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add new healthcheck for TKS system cert trust flags
This patch adds a new healthcheck to check the trust
flag of TKS's System certs with known good value
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6f3c5a7a63bb323f0eb6050715142b59236ea0a3">6f3c5a7a</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-04T16:16:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add new healtcheck to test TPS system cert trust flag
This patch adds a new healthcheck to compare the trust flags
of TPS's systemc certs with known trust flags.
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/649a8a389b7c993edb8000dbfd66e19380f0eb70">649a8a38</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-04T16:16:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Change log level for unconfigured subsystems
PKI healthcheck reports results to IPA healthcheck automatically.
As a result, RHCS specific tests (like OCSPSystemCertTrustFlagCheck)
report a SUCCESS. This can be quite misleading to the users.
This patch adds INFO data to inform users that the subsystem is
unconfigured, when using --verbose
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/84b9b2b5f1151c8f610640a7eb7a1a0d04a1eeb5">84b9b2b5</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-04T17:21:59-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Include trust flag info in pki-server cert-* operation
This patch includes trust flags when running cert-show or cert-find
in its output, to provide more information to the user
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/54d324491c8052e16157ac6f18b5a1aa7726e46e">54d32449</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-04T23:11:11-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused PKI_WEB_SERVER_TYPE
The PKI_WEB_SERVER_TYPE was hardcoded so the variable has
been removed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d217e77f6ecbfceab35885a2b851be10af77eee9">d217e77f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-04T23:11:11-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused TOTAL_UNCONFIGURED_PKI_ENTRIES
The TOTAL_UNCONFIGURED_PKI_ENTRIES is no longer needed since
pkispawn will always complete the instance configuration.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/74eb6de2708dd2a534e11554d1fc94c0a243ed18">74eb6de2</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-04T23:11:11-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Mandatory instance name for pkidaemon
The pkidaemon has been modified such that the instance name
must be specified.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/acd29cb9a5923c9257d33c6e385b105ae5bed418">acd29cb9</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-04T23:11:11-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused TOTAL_PKI_REGISTRY_ENTRIES
Since the instance name must be specified when calling
pkidaemon, the TOTAL_PKI_REGISTRY_ENTRIES will always be 1
so the variable is no longer needed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8b2d3c259dbc448b58c7741cbde7c16fec37e3c1">8b2d3c25</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-04T23:11:11-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused PKI_REGISTRY_ENTRIES
Since the instance name must be specified when calling
pkidaemon, the PKI_REGISTRY_ENTRIES will only contain 1
entry, so it has been replaced with PKI_REGISTRY_ENTRY.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f7c103dc59edadf2853bd3e0a89052798d420f1d">f7c103dc</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-04T23:11:11-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused PKI_TYPE
The PKI_TYPE was hardcoded so the variable has been removed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2945f571e4d5ef6d89040a51d449ae36f25702be">2945f571</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-04T23:11:11-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed unused Instance.tomcat_instances()
The Instance.tomcat_instances() was not used so it has
been removed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/226cf16eb4ea9e589ed89e79148333dadc394df1">226cf16e</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-05T22:01:52-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added user/group option for pki-server create
The pki-server create command has been modified to provide
options to specify the user and group for PKI server.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/122d2e043a37308bc4fc9b24f823db87b81aa898">122d2e04</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-05T22:19:09-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored NSSDatabase.directory
The NSSDatabase.directory has been replaced with a path.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0a60992cb3b10f0fce4fe0c4acae41e268119d10">0a60992c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-05T22:20:29-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added NSSDatabase.passwordStore
The NSSDatabase.passwordStore has been added to store
the NSS database passwords.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a829d72a81b29a1a6f2950703dadee3b5722dbc8">a829d72a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-05T22:20:29-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ACMEEngine.validateCSR()
The ACMEEngine.validateCSR() has been modified to take a
PKCS #10 object.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3fb78aa3ffa09738ab7fbdf8379f25a99b39767f">3fb78aa3</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-05T22:20:29-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ACMEIssuer.issueCertificate()
The ACMEIssuer.issueCertificate() has been modified to
take a PKCS #10 object.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bc6254a32bd7122684b3008fab22f159c4f7ddb5">bc6254a3</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-05T22:20:29-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ACMEIssuer.revokeCert()
The ACMEIssuer.revokeCert() has been renamed to
revokeCertificate().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e9721b9cb0406fc4cb881cc1334744f2cd01e552">e9721b9c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-08T17:37:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Moved CertUtil.createRemoteCert()
The CertUtil.createRemoteCert() has been moved into CertUtils.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/278e456893c2f357eebd21baa9dc6bf19ff299fb">278e4568</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-08T17:37:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Moved CertUtil.buildSANSSLserverURLExtension()
The CertUtil.buildSANSSLserverURLExtension() has been moved
into CertUtils.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b890b0ae68ae401cba7a7a31e45a2fa17faaba38">b890b0ae</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-08T17:37:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Moved CertUtil.createLocalRequest()
The CertUtil.createLocalRequest() has been moved into
CertUtils.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0b3116a105011f420c2be9e7bfb46b70f73d9940">0b3116a1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-08T17:37:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Moved CertUtil.updateLocalRequest()
The CertUtil.updateLocalRequest() has been moved into
CertUtils.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5fafadcef1d791513f8e4740304fd375b7f4e24c">5fafadce</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-08T17:37:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Moved CertUtil.getAdminProfileAlgorithm()
The CertUtil.getAdminProfileAlgorithm() has been moved into
CertUtils.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a2506418066524030850f7fef1c6190e04799837">a2506418</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-08T17:37:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Moved CertUtil.createCertInfo()
The CertUtil.createCertInfo() has been moved into CertUtils.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1ca6075b1a0ea6356bc438012ea6247fa6878bd0">1ca6075b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-08T17:37:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Moved CertUtil.createCertRecord()
The CertUtil.createCertRecord() has been moved into
CertUtils.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/dad09cb5fa67fb7d7c4e0ecf9201085b274472cb">dad09cb5</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-08T17:37:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Moved CertUtil.createLocalCert()
The CertUtil.createLocalCert() has been moved into CertUtils.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c311ab56ebd7f04e3cdcac1a78e491d8f6f0b6c1">c311ab56</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-08T18:28:22-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Moved CertUtil
The CertUtil has been moved into pki-util.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d81097f485e8ba7a98ef93cfd948a652e2c28912">d81097f4</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-08T18:29:00-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored CertUtils.normalizeCertReq()
The CertUtils.normalizeCertReq() has been moved and converted
into CertUtil.parseCSR() which returns the CSR binaries.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/30f8447ba0c6abaaa4944601d668b8602a911958">30f8447b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-09T12:47:47-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored CertUtils.getEncodedCert() (part 1)
The CertUtils.getEncodedCert() has been modified to throw
a generic Exception.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7a6b6822235922df41ee93e04071ba27d95ee60b">7a6b6822</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-09T14:30:30-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored CertUtils.getEncodedCert() (part 2)
The CertUtils.getEncodedCert() has been moved and renamed
into CertUtil.toPEM().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ce67604ce5b5d64fbaea89834eaffbcab3ec445c">ce67604c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-09T14:30:41-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up NSSKeyCLI
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ea3d5ef32bdabb6916767db532c9cf307f5293c9">ea3d5ef3</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-06-10T06:44:18+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CT: handle missing config
If Certificate Transparency config is not defined in CS.cfg, all
certificate issuance fails. This situation can arise in upgrade
scenarios.
Tolerate the absense of the certTransparency.enable CS.cfg
directive, defaulting to false.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b3514113c867c9394dd84e313c55dc66f3e846b6">b3514113</a></strong>
<div>
<span>by jmagne</span>
<i>at 2020-06-09T15:06:21-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Address CVE-2020-1721. (#434)
Co-authored-by: Jack Magne <jmagne@localhost.localdomain></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/76820004f231bcc4291cb63699a89746bd78c8e7">76820004</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-09T18:47:15-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Introduce pki_ajp_secret configuration parameter
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1bd84062c95797572de2464c095f5ab4f55e03c7">1bd84062</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-09T18:47:15-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add migration logic for 8.5 -> 9.0.31
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e2ee6e1e6a08cb128a7ce04f04961325eff96c0d">e2ee6e1e</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-09T18:47:15-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Make pki_ajp_secret a random password by default
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/737fc097afb42c0b48fe362e970591099dfed2c7">737fc097</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-09T18:47:15-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Always gather journalctl logs, instance config
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/741c7982cca3f13efd0b02ee9e36e7d15962c259">741c7982</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-09T19:33:54-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove Tomcat 7.0, Tomcat 8.0 specific configs
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f7cd25bc03521876ed553ccb6584fad2004e30a9">f7cd25bc</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-10T11:47:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated version number to 10.9.0-0.2 (alpha 2)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/70c8d130e14dba85bc5fc0becd2519abcf371f26">70c8d130</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-06-15T19:02:22+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge branch 'upstream-next' into master-next
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7e965bbe6da445c31e63fb805db82a4afa0f1ec7">7e965bbe</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-06-15T19:02:52+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">bump the version
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0ca3548ce7baa2f6a90abb3b84698396e98f4dd2">0ca3548c</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-06-16T15:50:28+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">patches: Refreshed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3836dc33161b9399df47c387b4d90d760399013d">3836dc33</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-06-16T20:34:14+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">releasing package dogtag-pki version 10.9.0~a2-1
</pre>
</li>
</ul>
<h4>30 changed files:</h4>
<ul>
<li class="file-stats">
<a href="#4b905b3ce8db4f70f4829d47fb4b4f852ff810a2">
.github/workflows/required-tests.yml
</a>
</li>
<li class="file-stats">
<a href="#9a2aa4db38d3115ed60da621e012c0efc0172aae">
CMakeLists.txt
</a>
</li>
<li class="file-stats">
<a href="#1acf49d2a16e773f07e9d9851ade895587a365c1">
base/acme/src/main/java/org/dogtagpki/acme/database/PostgreSQLDatabase.java
</a>
</li>
<li class="file-stats">
<a href="#b0e573db995216d32374cdbefec51adb6a32e097">
base/acme/src/main/java/org/dogtagpki/acme/issuer/ACMEIssuer.java
</a>
</li>
<li class="file-stats">
<a href="#32ec6cbb0e75b23bfb4ca5c45af0bf7593ebac1b">
base/acme/src/main/java/org/dogtagpki/acme/issuer/ACMEIssuerConfig.java
</a>
</li>
<li class="file-stats">
<a href="#d3eb5bfa7996cf73eeea98e5b31d1713bda24dca">
base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java
</a>
</li>
<li class="file-stats">
<a href="#fe30397906f164c11d263718ee3bd1effb2e004d">
base/acme/src/main/java/org/dogtagpki/acme/server/ACMEEngine.java
</a>
</li>
<li class="file-stats">
<a href="#aa01fd5b6be0ed85090c49a4ae7fe5e122a68fa8">
base/acme/src/main/java/org/dogtagpki/acme/server/ACMEEngineConfigFileSource.java
</a>
</li>
<li class="file-stats">
<a href="#b06f3d028cc02923da8933796dd97c18947e876f">
base/acme/src/main/java/org/dogtagpki/acme/server/ACMEFinalizeOrderService.java
</a>
</li>
<li class="file-stats">
<a href="#a94776862bff1068c94b911dcff15c0778043f86">
base/acme/src/main/java/org/dogtagpki/acme/server/ACMERevokeCertificateService.java
</a>
</li>
<li class="file-stats">
<a href="#e00787d06879b23bb47a02edef01afb7689dbe64">
base/ca/shared/profiles/ca/AdminCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#d35c10b450c7430148f604f94fb7bc0484a5a4cb">
base/ca/shared/profiles/ca/ECAdminCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#3ea05f7ba635a0cb1d761519fe2dd810fc4a8ea4">
base/ca/shared/profiles/ca/caAdminCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#24354bc89c5b9cde5ab20ff5263cf3269101b674">
base/ca/shared/profiles/ca/caAgentFileSigning.cfg
</a>
</li>
<li class="file-stats">
<a href="#328d8a10afb7bf092778169f19730b00a3b0fad9">
base/ca/shared/profiles/ca/caAgentServerCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#7dd5a3356a7e02bd4097476f290d99eb6dbbb475">
base/ca/shared/profiles/ca/caCACert.cfg
</a>
</li>
<li class="file-stats">
<a href="#54356798f6b2f1dff17151040963f5e0c05d478e">
base/ca/shared/profiles/ca/caCMCECUserCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#b28a2062264998a5da3631a900d481e195ef46a5">
base/ca/shared/profiles/ca/caCMCECserverCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#ccf3be94c331a28fab798d0c55dfe993c0a8a76e">
base/ca/shared/profiles/ca/caCMCECsubsystemCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#ee2915d1d8bdcc73a921da31b894f00f9e9c946b">
base/ca/shared/profiles/ca/caCMCUserCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#22cd88397c7ed3920cb453f00f5806406f3c52bc">
base/ca/shared/profiles/ca/caCMCauditSigningCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#4a119a67dccf026c3d39086d98f3f92b1dac3d12">
base/ca/shared/profiles/ca/caCMCcaCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#a9c33fc338a702d4852e76ed7df63f93aae6930d">
base/ca/shared/profiles/ca/caCMCkraStorageCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#9ee677932f7f9c5f9c03419654043e35f949e87e">
base/ca/shared/profiles/ca/caCMCkraTransportCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#69566a5fa75b8658209e658a19c1ad663c37aa3c">
base/ca/shared/profiles/ca/caCMCocspCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#64832540d518b4c4a0e6d8cca1a062f46ad8c633">
base/ca/shared/profiles/ca/caCMCserverCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#4e4cd45cc91ec47d23a537d8965ca026de8c02b3">
base/ca/shared/profiles/ca/caCMCsubsystemCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#85f2b9b306c434522ef49a610e5b47827c22e493">
base/ca/shared/profiles/ca/caCrossSignedCACert.cfg
</a>
</li>
<li class="file-stats">
<a href="#d52e59d40446b3fe86a985c520274e582e5a8155">
base/ca/shared/profiles/ca/caDirBasedDualCert.cfg
</a>
</li>
<li class="file-stats">
<a href="#6179d91aef64fc28ce882ea539e34234739b4209">
base/ca/shared/profiles/ca/caDirPinUserCert.cfg
</a>
</li>
</ul>
<h5>The diff was not included because it is too large.</h5>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">
—
<br>
<a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/compare/7ee687a81af60bf1c79343a3ab62074c3c51cced...3836dc33161b9399df47c387b4d90d760399013d">View it on GitLab</a>.
<br>
You're receiving this email because of your account on salsa.debian.org.
If you'd like to receive fewer emails, you can
adjust your notification settings.
</p>
</div>
</body>
</html>