<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<h3>
Timo Aaltonen pushed to branch master-next
at <a href="https://salsa.debian.org/freeipa-team/dogtag-pki">FreeIPA packaging / dogtag-pki</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9beafcf5abe5a17b6d37bfb4b211266569e7fd1f">9beafcf5</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-11T14:45:50-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add new healthcheck - CA System cert expiry
This patch adds a new healthcheck to test whether CA's
system certs have expired. It throws a WARNING if the
certificates are about to expire.
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a2fd414bb8625f0f5ce4cd9beab5af471a80e6bc">a2fd414b</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-11T14:45:50-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add new healthcheck - KRA System cert expiry
This patch adds a new healthcheck to test whether KRA's
system certs have expired. It throws a WARNING if the
certificates are about to expire.
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/964a701f278842c6fce5157c7aabed0e37179d78">964a701f</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-11T14:45:50-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Move the cert expiry calculation logic to generic method
This patch creates a reusable method that returns the pre-filled Result
object, that carries the Cert expiration status. The method can process
only 1 cert at a time.
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4b81e951578dd9a12ba9d4384275c099c8a51a2d">4b81e951</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-11T14:52:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added CertUtil.toPEM() for PKCS10
The code that converts a PKCS10 object into a PEM string has
been moved into CertUtil.toPEM().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a8a6416b983935faaa502604118c65f7e09ec485">a8a6416b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-11T14:52:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed deprecated methods in ClientConfig
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/43197691bb51e37a53be75ab4feded987dd13c12">43197691</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-11T14:52:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored MainCLI.getNSSDatabase()
The MainCLI.getNSSDatabase() has been modified to return
an NSSDatabase object.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/313b57b1e8332274af0da041466afed6d8712d3e">313b57b1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-11T14:52:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ClientCertImportCLI.importCACert() (part 1)
The code that imports a CA cert with a nickname has been moved
out of ClientCertImportCLI.importCACert().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3933b16001283738b77747faddcb5b3b98cc5d8a">3933b160</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-11T14:52:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ClientCertImportCLI.importCACert() (part 2)
The ClientCertImportCLI.importCACert() has been converted
into NSSDatabase.addCertificate().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3de6843e91b0c1d5fd93ae57afc91ebfbaf810b3">3de6843e</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-11T14:52:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ClientCertImportCLI.importCert()
The ClientCertImportCLI.importCert() has been converted into
NSSDatabase.addCertificate().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c701cf624c32a88fb98b377ecc7af2991e99d98e">c701cf62</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-11T14:52:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up ACME doc
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ab386a98c1f6a54bd7ce7f17b94ea06b86e1809a">ab386a98</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-11T16:06:21-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add new healthcheck - OCSP System Cert Expiry
This patch adds new healthcheck to test the expiration
of OCSP system certs
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/800540534a24ed1a9d2e2d7acbb4d8324978e575">80054053</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-11T16:06:21-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add new healthcheck - TKS System Cert Expiry
This patch adds a new healthcheck to test the expiration
of TKS system certs
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/235cfe1ae490aa064aeb426cb691cd79280c346d">235cfe1a</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-11T16:06:21-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add new healthcheck - TPS System cert expiration
This patch adds a new healthcheck to check the expiration
of system certs in TPS
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d206ef17facc083734de037f2624f00338ceaf14">d206ef17</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-11T18:49:53-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed NSSDatabase.create()
The NSSDatabase.create() has been modified to create the
NSS database with the internal token password.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2dea4a7685cdcc0a22eb581ea1d132528626d2ce">2dea4a76</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-11T18:50:40-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added NSSDatabase.addPEMCertificate()
The NSSDatabase.addPEMCertificate() methods have been added
to import certificate files in PEM format.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a755dc78985d55ccbdb71a7c5780adcc7751a6b4">a755dc78</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-11T19:03:57-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pki nss-cert-import
The pki nss-cert-import has been added to replace
pki client-cert-import --cert and --ca-cert.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/95366b7031fcdadc65cf65b6acd499c12596b0f1">95366b70</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-11T19:03:57-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Simplified pki pkcs12-import options
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0d59b969146e6ade3ba776cea269c4370d3c568a">0d59b969</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-11T19:03:58-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added PostgreSQL database doc
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8f75debdb29890574c21e9e25815b4a5e0412dde">8f75debd</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-15T12:45:55-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Simplified pki pkcs7-import options
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/804d827a8e127e965f6d659febe6bd9c9dfb6fac">804d827a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-15T12:45:55-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Simplified pki pkcs12-export options
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9f4f293fffb2a4d733b919f4987db551512d0f03">9f4f293f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-15T12:45:55-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated CMSEngine.configureAutoShutdown() (part 1)
A try-catch block in CMSEngine.configureAutoShutdown() has
been removed to expose all exceptions generated by the code.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/057ce47d8e2d2d1eb70756256a9f4359cb229ca3">057ce47d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-15T13:29:13-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated CMSEngine.configureAutoShutdown() (part 2)
A try-catch block in CMSEngine.configureAutoShutdown() has been
removed to expose any problem in finding the audit signing cert.
The CMSEngine.init() has also been modified to call the method
only after the audit signing cert has been created.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/379277389829c85f46d8de41e8e38e2083236531">37927738</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-15T13:29:13-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated CMSEngine.configureAutoShutdown() (part 3)
A try-catch block in CMSEngine.configureAutoShutdown() has been
removed to expose any problem in removing existing auto-shutdown
crumb file.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7a31f28f4766e0a220ca4eeaf6fa771dbcedd40f">7a31f28f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-15T19:32:25-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added NSSDatabase.createRequest()
The NSSDatabase.createRequest() has been added to create a
certificate signing request using a local NSS database.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/99793a50e60c23260a51b42da23646aca91c5a69">99793a50</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-15T19:32:25-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added NSSDatabase.createCertificate()
The NSSDatabase.createCertificate() has been added to issue
a certificate using a CA signing certificate stored in a local
NSS database.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0b4ba07c4766e595f3f621bb2065c683287d1cb2">0b4ba07c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-15T19:32:25-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pki nss-cert-request
The pki nss-cert-request have been added to create a certificate
signing request using a local NSS database.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3d82cdfe4adfbdd84b63a0e0b1a8d9d4ebe919d7">3d82cdfe</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-15T19:32:25-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added pki nss-cert-issue
The pki nss-cert-issue have been added to issue a certificate
using a CA signing certificate stored in a local NSS database.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/21528f4940587680edb6e67da168dee74e0780de">21528f49</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-16T14:01:11-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up ACMEEngine log messages
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/85b7b89e3a38fdab0b4c27dc2042985516f2ec6b">85b7b89e</a></strong>
<div>
<span>by dependabot[bot]</span>
<i>at 2020-06-16T20:32:47-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bump xercesImpl from 2.11.0 to 2.12.0
Bumps xercesImpl from 2.11.0 to 2.12.0.
Signed-off-by: dependabot[bot] <support@github.com></pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0011cfbed92e28f213bd25e914c647f14a6bb9f1">0011cfbe</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2020-06-18T15:53:12+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug 1805541 improvement over verifySCT - [RFE] CA Certificate Transparency with Embedded Signed Certificate Time stamp
This patch made some more attempt to improve on verifySCT
(though still not working; lack of the signed blob from sender
makes it a bit challenging)
It adds the following:
- Include code to use LinkedHashMap instead of Hashtable (requires jss fix)
- Added debugging code to be sure that the extensions didn’t get out of order through manipulation
- Allow for CT lg connection issue, but disallow for failed CT verification (though still temporarily disable failure for signature verification)
- For verifySCT
- Added missing 3 byte length for tbsCert
- Added processing for extensions, though most likely not needed for some time
Note: the global on/off is rigid at this point without "per-profile" control;
https://bugzilla.redhat.com/show_bug.cgi?id=1805541
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f183aa0d0d3391bfedbeb0840bd0cca8d5baf462">f183aa0d</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-06-18T15:53:12+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CT: decode signature value properly
The CT signature is TLS-encoded structure with 4 leading bytes. The
rest of the signature is the signature value, which is a DER-encoded
ECDSA-Sig-Value per https://tools.ietf.org/html/rfc5480. This is
exactly what JSS needs, so only drop the first 4 bytes.
With this change, SCT signature verification now works.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/43466bf02606c68d31da7221c7181c10f30987d3">43466bf0</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-06-18T15:53:12+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CT: cleanups
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/85fdca4b91e9bec8680f2dcecec710cdae8b7835">85fdca4b</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-06-18T15:53:12+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CT: tidy up "allow failed SCT verification" control
The "allow failed SCT verification" behaviour was a bit buggy. If
it got a boolean verification result it "correctly" ignored failed
verification, but if an exception was thrown (e.g. due to malformed
log server response) it returned 'false', aborting issuance.
Extract the "allow failed verification" check out of verifySCT to
the call site. A single boolean now controls the behaviour. It
should be further extracted to a config knob in a future commit.
For now the default remains to ignore failed verification.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/62b8df1b74bbde0545051d2ca0f041c770cd3f88">62b8df1b</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-06-18T15:53:12+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CT: createSCTextension: handle SCT extensions properly
To handle possible future extensions, read the extensions from the
log server response(s) and copy them into the SCT extension.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/decf11920d40103f5290be157388979341fb18fa">decf1192</a></strong>
<div>
<span>by Fraser Tweedale</span>
<i>at 2020-06-18T15:53:12+10:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CT: extract "write fixed-width length field" method
Define 'intToFixedWidthBytes' which encapsulates the logic of
writing a length as a fixed-width big-endian uint. This avoids
repetition and makes things easier to follow at call sites.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e39d5978db53553a12dd43afd8b38dfadd4f1cec">e39d5978</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2020-06-18T11:33:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Enable TLS 1.3 post handshake auth
TLS 1.3 no longer supports renegotiations. Clients must announce support for
post handshake authentication to support conditional authentication with
client certs.
The fix is required to make Dogtag work with FreeIPA and TLS 1.3 enabled
Apache HTTPd proxy.
n.b.: rebased by Alexander Scheel, enabled PHA
Change-Id: I07da8779e233f6e77526df30e29da575676ac0e9
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/50c23ec146ee9abf28c9de87a5f7787d495f0b72">50c23ec1</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-18T11:33:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Enable certificate verification in PKIConnection
To PKIConnection's initialization handler, we introduce a new argument,
cert_paths, which takes a string or iterable; each unit of which is
treated as a capath or cafile depending on whether or not it is a
directory. See ssl.SSLContext.load_verify_locations for more
information. This enables both PKI and IPA to specify independent CA
file locations at the same time and have fallback if this does not work.
Because some users might've already loaded the CA certificate into the
system-wide CA certificate store (if they're running Dogtag in
production), we also inclue the global trust store.
Resolves: rh-bz#1426572
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8705ebeb31c123d21f864dcad5e88f3cbfc59793">8705ebeb</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-18T11:33:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Make healthcheck check CA certificate
When running healthcheck, use the CA certificate in PEM form at
/etc/pki/<instance>/alias/ca.crt to verify connections with
PKIConnection. This is because the healthcheck tool is run on the
server, not on a remote client system.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e5793704caf37ba90eb1f9f8d9147d3f1ceb9a23">e5793704</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-18T11:33:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Make PKI server operations verify CA certificate
We create a path ~/.dogtag/nssdb/ca.crt which contains the PEM-encoded
CA certificate in the NSS DB. When setting up PKI server authentication,
check for this CA file and use it when present. If we're performing
cert-based auth, we're dumping the CA certificate into the .p12 file, so
we can extract just the CA certificate to create it if it is missing.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/de680af221ff134cbbd773622e22b60d1a560fb7">de680af2</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-18T11:33:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Check CA Certificate in Security Domain
When checking a Security Domain connection, we should ensure the CA
certificate is already provisioned to this machine prior to attempting
this call.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7fba9a1610992f72baa8cdd25deec3b3ba67d8be">7fba9a16</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-18T11:33:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Secure PKIConnection during pkispawn, add CA cert
When the CA certificate is missing in PEM form in the NSS DB (but is
present from the pki_ca_cert_path parameter in the spawn configuration,
add it to this instance's alias prior to using PKIConnection.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/614846ecfefe38c8d7ca295e1a90bf5b665e0ec7">614846ec</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-18T11:33:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Export CA certificate from clone PKCS#12 file
When creating a cloned subsystem, export the CA certificate into the
expected location prior to continuing subsystem installation. This
should ensure we provision the CA certificate prior to any calls to
PKIConnection.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/35c52586632e90d429a76344fa34ebc6e4d8445a">35c52586</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-18T11:33:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Ignore certificate validation during status checks
When waiting for a subsystem to come up, we initialize a new
PKIConnection. However, we don't necessarily need to validate this
certificate: it is a status check and spoofing the result at worst
causes us to fail somewhere else, later, if the server isn't yet alive
and/or the connection was spoofed. Since this is primarily used in
pkispawn, it should be safe to ignore any certificate validation
failures and set verify=False here.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c4a3454e52b178597ec00bd4e3f10ab22e0bd57d">c4a3454e</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-18T11:33:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Verify CA certificate when destroying KRA
When destroying a KRA instance, we query a list of all CAs this KRA
instance is registerred to. When querying this list, verify the
certificate on the remote peer.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/00fdf77f9a9a511157679a867cbea6f7608092a5">00fdf77f</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-18T11:33:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Export CA certificate after NSS DB migration
In order to ensure all subsystems continue to function with enforced CA
validity checking, export the CA after NSS DB migration. This should
ensure we always get the latest CA certificate (as the CA would
presumably be restarted after a new CA certificate has been issued).
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/dc5b3e78e2141109353bfbc74592f428468fd72e">dc5b3e78</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-18T11:33:12-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add documentation on PKI certificate validation
This documents utilizing the pki_cert_chain_path to configure an
existing CA certificate into the NSS DB. We also document proper CLI
setup procedures, including mentioning that the CA certificates must be
imported.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/578f682ef9e9293af062432997ce3049ff921441">578f682e</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-18T10:35:28-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added auto-reconnect for PostgreSQL database
The PostgreSQLDatabase.connect() has been added to create
the initial connection, validate the current connection,
and reestablish the connection if it's closed.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b235c0f3c6c249dbba692410b525d8d6fb7409f4">b235c0f3</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-18T13:38:04-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix XSS in PathLength attribute in CA agent web page
- The input type is set to number when "integer" is encountered
- The server error message is html escaped, before it gets displayed in client browser
Resolves: BZ#1710171
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6c43dd3005aa9d193578f392358f376ff190bdc0">6c43dd30</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-18T13:03:09-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added certificate storage in ACME database
The ACMEDatabase has been modified to provide a certificate
storage for ACME issuers that do not have their own storage.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/56b8375e6e02d69df427c768e2e792c4bca4b089">56b8375e</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-18T20:02:18-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix reflected XSS attack when hitting getCookie endpoint
This patch sanitizes the Server generated error message, to escape
the HTML tags if any present.
Resolves: BZ#1789907
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/50585c651668a02c7c961f84a8068ace76e46e70">50585c65</a></strong>
<div>
<span>by Pritam Singh</span>
<i>at 2020-06-19T10:05:10-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added client-side prevention for XSS in recoveryID endpoint
Signed-off-by: Pritam Singh <prisingh@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/835f1dcd739752d000448d42ac3a05233310e446">835f1dcd</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-19T10:16:40-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Simplified pki pkcs12-cert-find options
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/73da2085388876c9f398f836d54c960102f99938">73da2085</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-19T10:16:40-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added default ACME validators configuration
The ACMEEngine.loadValidatorsConfig() has been modified to
load the default validators.conf if the configuration file
is not available.
The pki-server acme-create command has been modified to no
longer create validators.conf so the ACME responder will
use the default one.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/edff88c927dfaeca41f67f3105ecbfaacc5616a8">edff88c9</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-19T10:17:21-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added non-blocking ACME validation
The ACMEChallengeProcessor has been added to perform the
ACME validation using a separate thread such that it does
not block the main thread.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/426d5f736bf124f3debf89d9feaa1c1bbc273156">426d5f73</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2020-06-19T12:02:06-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug1629025: KRA transporCert nick: Server-Side keygen Enrollment for EE
This patch fixes the issue where CA attempts to get
ca.ca.connector.KRA.transportCertNickname
instead of
ca.connector.KRA.transportCertNickname
from it's CS.cfg
https://bugzilla.redhat.com/show_bug.cgi?id=1629025
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/63a75f81aa8714d328c3829160b6149a96f59cf9">63a75f81</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-06-19T15:12:47-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix javadoc build on Debian
Tried to build 10.9.0-a1 on Debian, but it fails building javadoc:
[ 98%] Generating Javadoc for pki-javadoc
cd /home/tjaalton/src/pkg-freeipa/dogtag-pki.git/build/core/base/javadoc && /usr/lib/jvm/java-11-openjdk-amd64/bin/javadoc -d /home/tjaalton/src/pkg-freeipa/dogtag-pki.git/build/core/base/javadoc/javadoc/pki-10.9.0 -windowtitle 'pki-javadoc' -doctitle '<h1>PKI Javadoc</h1>' -author -use -version -quiet -Xdoclint:none -sourcepath :/home/tjaalton/src/pkg-freeipa/dogtag-pki.git/base/javadoc:/home/tjaalton/src/pkg-freeipa/dogtag-pki.git/base/util/src:/home/tjaalton/src/pkg-freeipa/dogtag-pki.git/base/common/src:/home/tjaalton/src/pkg-freeipa/dogtag-pki.git/base/java-tools/src:/home/tjaalton/src/pkg-freeipa/dogtag-pki.git/base/server/src -classpath :/usr/share/java/slf4j-api.jar:/usr/share/java/jaxb-api.jar:/usr/share/java/xalan2.jar:/usr/share/java/xercesImpl.jar:/usr/share/java/commons-cli.jar:/usr/share/java/commons-lang.jar:/usr/share/java/commons-codec.jar:/usr/share/java/commons-httpclient.jar:/usr/share/java/commons-io.jar:/usr/share/java/ldapjdk.jar:/usr/share/java/velocity.jar:/usr/share/java/servlet-api-3.1.jar:/usr/share/java/tomcat9-catalina.jar:/usr/share/java/tomcat9-util.jar:/usr/share/java/httpclient.jar:/usr/share/java/httpcore.jar:/usr/share/java/jaxrs-api.jar:/usr/share/java/jackson-annotations.jar:/usr/share/java/jackson-databind.jar:/usr/share/java/jackson-module-jaxb-annotations.jar:/usr/share/java/resteasy-jaxrs.jar:/usr/share/java/resteasy-atom-provider.jar:/usr/share/java/resteasy-client.jar:/usr/share/java/jss4.jar:/home/tjaalton/src/pkg-freeipa/dogtag-pki.git/build/core/dist/symkey.jar:/usr/share/java/tomcatjss.jar:/home/tjaalton/src/pkg-freeipa/dogtag-pki.git/build/core/dist/pki-cmsutil.jar:/home/tjaalton/src/pkg-freeipa/dogtag-pki.git/build/core/dist/pki-certsrv.jar:/home/tjaalton/src/pkg-freeipa/dogtag-pki.git/build/core/dist/pki-tools.jar:/home/tjaalton/src/pkg-freeipa/dogtag-pki.git/build/core/dist/pki-tomcat.jar:/home/tjaalton/src/pkg-freeipa/dogtag-pki.git/build/core/dist/pki-cms.jar -subpackages :com.netscape.cmsutil:com.netscape.certsrv:com.netscape.cmstools:org.dogtagpki:com.netscape.cms
javadoc: error - No source files for package com.netscape.cmsutil
I believe base/javadoc/CMakeLists.txt needs to be updated..
it was quite simple
Resolves: https://www.pagure.io/dogtagpki/issue/3176
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/364de389758962fbd64f794c85dcbfd7800634a7">364de389</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-19T14:53:54-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up ACME doc
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0447bd7228fded2af4604bc0cc5c9f7839cbc79a">0447bd72</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-19T15:00:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added NSSExtensionGenerator
The NSSExtensionGenerator has been added to create certificate
extension objects from a configuration file. Initially it only
supports BasicConstraintsExtension.
The NSSDatabase has been modified to support creating certificate
request or issuing certificates with extensions.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/57e97b2bccffe81c1f5cf8ace3fdd7f36c19528b">57e97b2b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-19T15:00:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added support for AuthorityKeyIdentifierExtension
The NSSDatabase and NSSExtensionGenerator have been modified
to support AuthorityKeyIdentifierExtension.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/302edc84c891e44bad4aa956a4c5a72b643d06bf">302edc84</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-19T15:00:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added support for SubjectKeyIdentifierExtension
The NSSDatabase and NSSExtensionGenerator have been modified
to support SubjectKeyIdentifierExtension.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6e28f76af755579db298dbc2d0343c75b827f862">6e28f76a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-19T15:00:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added support for AuthInfoAccessExtension
The NSSDatabase and NSSExtensionGenerator have been modified
to support AuthInfoAccessExtension.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3e035de670499d8b80801a2ba835852c4bea91fe">3e035de6</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-19T15:00:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added support for KeyUsageExtension
The NSSDatabase and NSSExtensionGenerator have been modified
to support KeyUsageExtension.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bec9b60e08d3151f9202d5f7e2c09f62a4e996cb">bec9b60e</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-19T15:00:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added support for ExtendedKeyUsageExtension
The NSSDatabase and NSSExtensionGenerator have been modified
to support for ExtendedKeyUsageExtension.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/923e1e1247f5a502913a55cc607fb9eba567b70d">923e1e12</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-19T15:00:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added support for CertificatePoliciesExtension
The NSSDatabase and NSSExtensionGenerator have been modified
to support CertificatePoliciesExtension.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/74918419b0059e5aa9d1ba28b385dcd205700f06">74918419</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-19T16:42:44-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Use password during NSS DB creation
In most instances, MainCLI has already parsed options prior to executing
MainCLI.init(). Require the caller to ensure this holds. When a NSS DB
password has been provided, use it to create the NSS DB when one doesn't
yet exists. This matches users's expectations.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1843537
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3a92a1db581541ad700916aa970f098937be5171">3a92a1db</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-19T18:09:04-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added NSSIssuer
The NSSIssuer has been added to provide an embedded
CA for the ACME responder using a local NSS database.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ca428b43651e8f7e3d28ef32c9a50c50aa3f83c9">ca428b43</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-19T19:36:10-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Set -Dcom.redhat.fips=false in Tomcat config
FIPS mode in OpenJDK shipped on RHEL-like platforms uses SunPKCS11 to
provide cryptographic primitives for SunJSSE (including SSLEngine and
SSLSocket) and other high-level providers. However, because SunPKCS11
uses NSS, we'd have a race between JSS and SunPKCS11. This isn't good,
because when Tomcat loads up, SunPKCS11 will consistently load before
TomcatJSS initialization, starving JSS's chance to become the default
provider. By setting -Dcom.redhat.fips=false unconditionally, we
decrease the JDK's reliance on SunPKCS11, decreasing the chance it'll
load. Indeed, prior to the changes to follow system FIPS mode, we've not
encountered any issues with SunPKCS11 loading ahead of JSS.
This change adds -Dcom.redhat.fips=false to the Tomcat configuration
unless the key is already present.
Because JSS is FIPS conforming, and provides a SSLEngine and SSLSocket
implementation since JSS 4.7.0, this is safe to do. In the future,
java.security can be used to ensure only JSS is loaded, preventing any
non-FIPS operations completely.
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1655466
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1759335
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1780335
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1821851
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1830090
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/43a2738ceedc61f062124004f2ea38229d51d518">43a2738c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-22T10:49:21-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added PKIServer.nssdb_link
The code in PKIInstance that creates and removes the link
to the NSS database has been moved into PKIServer.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/41e1590b02f1334b60e6fc86cbf28075ce3ae262">41e1590b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-22T10:49:21-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reorganized ACME database files
The ACME database files have been moved into acme/database
to simplify the paths.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b20f0803621f37f35859087b1b79011987d5cab7">b20f0803</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-22T10:49:21-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reorganized ACME issuer files
The ACME issuer files have been moved into acme/issuer
to simplify the paths.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b04097fc279d632093e9fba099c144bde6184ff4">b04097fc</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-22T10:49:21-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Simplified pki pkcs12-cert-mod options
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/abc01031c325c9dd6ef2af6510a3a94e543dfd07">abc01031</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-22T11:38:38-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated version number to 10.9.0-0.3 (beta 1)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/412b3150f33d2648a262642ecb5adda5dbc82386">412b3150</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-22T15:12:37-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Renamed issuer parameter in NSSIssuer
The issuer parameter in NSSIssuer has been renamed to
nickname for clarity.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/606aa7b9a3c8fb2d4fc725e1baa0f80a5215c6e1">606aa7b9</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-22T15:13:12-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added default value for NSSIssuer nickname
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4f3db1aec319921112d3ef04fd6739d2a6cd15c1">4f3db1ae</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-22T15:13:13-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added default value for NSSIssuer extensions
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4f47a2f65ccde0ff00d6a40d602d35c1a0e3eb7a">4f47a2f6</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-23T18:00:23-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Require python3-setuptools explicitly
python3-setuptools is required to setup PKI healthcheck tool. There
was a request submitted by setuptools developers to specify BR directly
rather than using tranisitive dependency (ie) python3-devel pull
python3-setuptools currently
Ref: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/GCPGM34ZGEOVUHSBGZTRYR5XKHTIJ3T7/
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1b4558bf7ebac2d1fcf5d431ac12b0c6a15dadb9">1b4558bf</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-24T11:53:59-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix extraction of CA certificate
openssl pkcs12 gets annoyed when the CA certificate already exists.
Remove it before exporting on each migration.
This manifests itself as a failure during pki-tomcatd startup:
Jun 24 06:05:59 host-10-0-137-221.ipa.example pki-server[21402]: ---------------
Jun 24 06:05:59 host-10-0-137-221.ipa.example pki-server[21402]: Export complete
Jun 24 06:05:59 host-10-0-137-221.ipa.example pki-server[21402]: ---------------
Jun 24 06:05:59 host-10-0-137-221.ipa.example pki-server[21375]: ERROR: Command: openssl pkcs12 -in /tmp/tmpfn_vr9yx/sslserver.p12 -out /etc/pki/pki-tomcat/alias/ca.crt -nodes -nokeys -passin pass::6|xZFEk8Dog
See also: https://github.com/freeipa/freeipa/pull/4820#issuecomment-648729659
Related: rh-bz#1426572
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/deca1c8792008a5298ec1971414d9669258b64d4">deca1c87</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-24T17:12:26-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Healthcheck: Ignore SSL verification in connectivity check
The connectivity check's motive is to test whether the given
subsystem is up and able to respond. Strict SSL validation is not
required. This patch turns it off for the COnnectivity Healthcheck.
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a21bd28cc2abfbf0f6a8d0bf8591bcba2f437c63">a21bd28c</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-25T12:35:23-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Provision CA certificate for Security Domain check
When checking the Security Domain during pkispawn, we enforce
certificate validation. This is because we're also checking the
username/password given to us. This should go over a secured connection,
so simply setting verify=False would be a bad fix. Instead, ask the user
for a pki_cert_chain_path if one isn't given and use that to validate
the security domain's connection when the ca.crt path isn't already
populated.
This manifests itself as the following error:
File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 930, in <module>
main(sys.argv)
File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 544, in main
check_security_domain()
File "/usr/lib/python3.6/site-packages/pki/server/pkispawn.py", line 716, in check_security_domain
info = deployer.get_domain_info()
File "/usr/lib/python3.6/site-packages/pki/server/deployment/__init__.py", line 270, in get_domain_info
self.domain_info = sd_client.get_domain_info()
File "/usr/lib/python3.6/site-packages/pki/system.py", line 270, in get_domain_info
response = self.connection.get(self.domain_info_url, headers=headers)
File "/usr/lib/python3.6/site-packages/pki/client.py", line 55, in wrapper
return func(self, *args, **kwargs)
File "/usr/lib/python3.6/site-packages/pki/client.py", line 259, in get
timeout=timeout,
File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 546, in get
return self.request('GET', url, **kwargs)
File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 514, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='pki1.example.com', port=20443): Max retries exceeded with url: /ca/rest/securityDomain/domainInfo (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
Related: rh-bz#1426572
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/57fdb9bb6bb2653a428818fc2792f6940740d515">57fdb9bb</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-25T14:33:23-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored EnrollDefault.deleteExtension() (part 1)
The EnrollDefault.deleteExtension() has been modified to
throw a generic exception.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/16269168dcf252174344d7ed84301a2c4b95beb4">16269168</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-25T14:34:16-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored EnrollDefault.deleteExtension() (part 2)
The EnrollDefault.deleteExtension() has been modified to use
a separate loop to avoid ConcurrentModificationException.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/b2388e9a82534a0c3fb81b954c0db2b04f363225">b2388e9a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-25T15:00:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored CAProcessor.saveAuthToken() (part 1)
The code that checks that the authentication token and the
request are not null in CAProcessor.saveAuthToken() has been
moved to the caller.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/134f20ba17ea84551c3809564b8befc4cd34e3d6">134f20ba</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-25T15:22:05-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored CAProcessor.saveAuthToken() (part 2)
The variable names and log messages in CAProcessor.saveAuthToken()
have been modified for clarity.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/e131adc0794ad2b0b5fadcff5b6a03e8a97088cb">e131adc0</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-25T16:53:35-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated version number to 10.9.0-0.4 (beta 2)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3073c64aa41c0c736634ff6fe7cbfa51a049910e">3073c64a</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2020-06-25T19:31:17-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug1805541-parseAlgs-[RFE] CA Certificate Transparency with Embedded Signed Certificate Time stamp
This patch parses the CT response for hashing and signing algorithms.
There is plan to fine-tune the CT code later.
https://bugzilla.redhat.com/show_bug.cgi?id=1805541
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/2a0dae85067446f0b834c19cee67b58f789cf89c">2a0dae85</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-29T10:55:05-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed default user/group in pki-server create
The hard-coded default user/group in pki-server create has
been removed such that it's going to be determined by the
type of instance being created.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6c18b47f9d07f8c9b97a2ed5b6aefba8a05b3fe9">6c18b47f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-29T10:55:48-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up log messages in PKIIssuer
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4ce3a7e4d946f22188a955beb82a864f9888dbf2">4ce3a7e4</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-29T10:55:48-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up main web.xml
The main web.xml has been modified to map .properties
files to text/plain to avoid syntax errors in Firefox.
https://github.com/jquery-i18n-properties/jquery-i18n-properties
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7ab7f7319ee739d10a0c6042f6f0559b438e716a">7ab7f731</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-29T10:55:48-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up ACME's web.xml
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/33f4893ca2c3dc9daa669da8b1d03a52afb34c04">33f4893c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-29T14:20:23-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added ACME Dockerfile
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0682f55322bdf583bd5b0492f0995cdd560f96a3">0682f553</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-29T14:20:23-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added ACME deployment config for OpenShift
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/93732b527a9083987f6fd16960e42a02433ee7f3">93732b52</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-30T11:20:15-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Healthcheck: Add method to load dogtag specific config values
This patch adds a reusable method to load dogtag specific values
specified in the config file. Note that each registry calls this
method but, the values are read only once. The registry initialization
is handled by the underlying 'pkg_resources' library and there was no
particular order.
TODO: This is a temporary patch and the parsing method should be
moved into the ipa-healthcheck-core library
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bb0739e027121756f51f6c9002ac08db0b7e5f0b">bb0739e0</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-30T11:20:15-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactor DogtagCertsConfigCheck to accommodate other subsystems
This patch refactors DogtagCertsConfigCheck to accommodate other
subsystems: OCSP, TKS and TPS. This patch also uses the config names
mentioned in the healthcheck config file.
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/400a5a8f8db6a60efe9c904583a365e2a8c042b9">400a5a8f</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-30T11:20:15-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Healthcheck: Allow healthchecks to load custom named instances
This patch allows the Healthchecks to use the custom instance
names provided via the pki specific healthcheck config file. This
will allow healthcheck to be executed in standalone Dogtag PKI
environments.
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a8f7eedea809ba34c728db539f064ed76acbb3d7">a8f7eede</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-30T11:20:15-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update PKI-healthcheck documentation
Add documentation related to /etc/pki/healthcheck.conf
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7fcb8993fc4a2e9dddb4653e554d6330a57dfa5e">7fcb8993</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-06-30T11:20:15-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Healthcheck: Minor improvements to config and expiration check
This patch:
* Uses expiration day value specified in config to report warnings
during the System Certificate Expiration Check
* Prior to this commit, if a custom instance name is specified for a
subsystem, ALL subsystem's instance names needed to be specified. This
patch removes that restriction.
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d6c91ee4a11a55534c733d144b3108e16b0ac6aa">d6c91ee4</a></strong>
<div>
<span>by Christian Heimes</span>
<i>at 2020-06-30T12:05:57-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">pki password fix for FIPS
NSS DB in FIPS mode seems to require a password in all cases. When pki
attemps to open NSS DB without password in FIPS mode, it blocks with a
prompt to enter a password. This breaks installation in FIPS mode:
Enter password for NSS FIPS 140-2 User Private Key
Signed-off-by: Christian Heimes <cheimes@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/573f574e53719c1e7be470471f6c7ca776c36a69">573f574e</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-30T17:59:38-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add separate bootstrap CSS file
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/01d46248bb5c645a88dc4437f7de383179ab12c3">01d46248</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-06-30T17:59:38-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Link in new Bootstrap CSS file
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/021b273cc59965fdb4daa4d7d1ae914fd549acfb">021b273c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-30T18:19:22-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Removed tech preview notifications
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5e5dba62663cc0ce1a4dd17ab915d36d94290303">5e5dba62</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-07-01T07:05:51+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge branch 'upstream-next' into master-next
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/eb87e0ccdb10b3455b64700ceb3d4b951359137d">eb87e0cc</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-07-01T07:06:28+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">bump the version
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/627425ac780ff4908b6c40d906d8a651bd5155f4">627425ac</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-07-01T07:07:09+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">fix-javadoc-build.diff: Dropped, upstream.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/44a6c53c345ce8901cb105457a2dc4d32b72f1d1">44a6c53c</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-30T23:16:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Renamed TPS profile service
The ProfileService for TPS has been renamed into
TPSProfileService for clarity.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f9db0af1c316743504312746fd72f846a90404b7">f9db0af1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-30T23:17:17-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up log messages in TPSProfileService
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f306fa8afa74886ea00245d1d38a01227bcf87ca">f306fa8a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-30T23:17:17-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added ProfileData.profileID
The ProfileData.profileID has been added to store the ID
before the profile is added into the database.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/a4336bad6e8c446d577f196fd43d74d41f762a96">a4336bad</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-06-30T23:17:17-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added ErrorDialog.htmlContent
The ErrorDialog has been modified to provide an option to
display HTML content.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8884b4344225bd6656876d9e2a58b3268e9a899b">8884b434</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-07-01T11:30:30-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Replace CMSTemplate custom sanitization with lang2
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f770c4e5425c8ce3b2c3da53b4e11d4c12b61468">f770c4e5</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-01T10:42:04-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored EntryPage.save()
The EntryPage.save() has been renamed to saveEntry() for clarity.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8734909bc5b61e230b18c112ffcd501fbe01e388">8734909b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-01T10:42:04-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated ErrorDialog.close()
The ErrorDialog.close() has been modified to trigger an event.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/02e3f1e5b448425954082691f17d0cf7556c9806">02e3f1e5</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-01T11:25:00-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up log messages in TokenService
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1dbb07f8e41b4809b0f41a7643c37301fcf712d8">1dbb07f8</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-01T15:47:32-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added input validation for TPS
The TPSProfileService has been modified to validate the
profile ID and profile property names received via REST API.
The TPS UI has been modified to validate profile ID and
profile property names before they are sent to the server.
The TableItem.renderColumn() has been modified to escape
the value already stored in the database before displaying
it in the UI.
https://bugzilla.redhat.com/show_bug.cgi?id=1791099
https://bugzilla.redhat.com/show_bug.cgi?id=1793076
https://bugzilla.redhat.com/show_bug.cgi?id=1725129
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/da7d9cc31740f86074893411ca413e0b6eb0d1cf">da7d9cc3</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-02T11:16:09-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated version number to 10.9.0-0.5.unstable (beta 3)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c1098bb1bb8841427d80fa13c050107853bb3019">c1098bb1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-02T16:23:51-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated build.sh to generate UTC timestamp
The build.sh has been modified to generate UTC timestamp such
that it is consistent across different time zones.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/fd3e3dea77976451ee9e1d06018d6da124ab98be">fd3e3dea</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-02T17:05:00-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up log messages in CertRequestService
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/9de45c2812e9eaddaeef50dd422117cf57820581">9de45c28</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-02T17:11:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up log messages in PKIRealm
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/44c34cc125b5a514082ed706d44a6a5bcfc403fe">44c34cc1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-02T17:11:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added UserClient constructor
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/62e86aa28b7871bde0573de6804eade7d1be5e68">62e86aa2</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-02T17:11:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added GroupClient constructor
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/bd46b1a598a089c6ada55eca84c124d028dbded4">bd46b1a5</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-02T17:11:14-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added setter/getter for CertEnrollmentRequest.serverSideKeygenP12Passwd
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/14ece271f28f16a1583819cddc43c02b6acf817e">14ece271</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-02T18:47:27-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Deprecated PKIInstance.server_cert_nick_conf()
The PKIInstance.get_sslserver_cert_nickname() has been modified
to get the SSL server cert nickname from the server.xml. The
PKIInstance.server_cert_nick_conf() is no longer used so it has
been deprecated.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/68e7c3b5b771aa7ceac6b9d3ee48cf99cbae4ceb">68e7c3b5</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-02T21:28:13-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Cleaned up basic PKI server install doc
The doc for installing basic PKI server has been
modified to use the default instance name.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/59f58e7ee03fb817fc659decb0f3ec46a475b9d0">59f58e7e</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-02T21:28:13-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated basic PKI server install doc with NSS database
The doc for installing basic PKI server with NSS database
has been modified to use pki nss commands.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5d97b91afd56767a91818bae794ac3afbfc3d1ba">5d97b91a</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-06T22:52:48-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Reorganized basic PKI server install doc
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/f378079415b8f9c9bef0936dd3b419079b1c8263">f3780794</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-08T09:30:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed NSSExtensionGenerator.createAIAExtension()
The NSSExtensionGenerator.createAIAExtension() has been modified
to call AuthInfoAccessExtension.encode() in order to populate its
extensionValue field. Otherwise, the null extensionValue will
cause an NPE in CertificateExtensions.parseExtension().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3493f58df6a1ac8fc941398ed4ee81ef1f17262f">3493f58d</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-08T09:30:50-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added PostgreSQL.setup()
The PostgreSQL.setup() has been added to automatically create
the tables when the server initially connects to the database.
This eliminates the requirement to create the tables manually.
The docs have been updated accordingly.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/fa9d5a4ccdb3caa7da483569e38b42eae366d3e2">fa9d5a4c</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2020-07-08T17:09:41-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug1629025-handle large keys-ServerSideKeygen
This patch addresses the issue that for ServerSideKeygen enrollments,
if the RSA keys are larger (3072 or 4096), the enrollment would fail.
It may very well have to do with Apache's limit on HTTP header.
While there might exist a better way to resolve this, I'm opting
to remove a duplicated "issued cert" entry in the request itself which
effectively resolves the issue.
https://bugzilla.redhat.com/show_bug.cgi?id=1629025
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0067bada6803a3c7a6da05f3a0afe7272c40b02d">0067bada</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-08T21:36:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added JUL logging options for PKI console
The PKI console has been modified to provide CLI options
to set the log level for java.util.logging.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d6a511b2cd15cea974435bfa75183533179ea208">d6a511b2</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-08T21:36:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added ACMEEngine.start()/stop()
The code that starts and stops the ACME engine in
ACMEEngine.contextInitialized() and contextDestroyed() has
been moved into start() and stop().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/0215655f04866e4ee4790afd8acbb922ab43036d">0215655f</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-08T21:36:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ACMEEngineConfigSource (part 1)
The setEnabled and setWildcard fields in ACMEEngineConfigSource
have been renamed into enabledConsumer and wildcardConsumer for
clarity. Setters/getters have also been added for these fields.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/c369ffa19a87373b6c8fa040411e485398135a9a">c369ffa1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-08T21:36:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ACMEEngineConfigSource (part 2)
The ACMEEngineConfigSource.init() has been modified such that
the caller is responsible to initialize the consumers.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1223d8b93990448b6d0820c3fc06992a066f146d">1223d8b9</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-08T21:36:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PostgreSQLDatabase.deleteAccountContacts()
The PostgreSQLDatabase.deleteAccountContacts() has been converted
into removeAccountContacts() which takes an account ID.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/5b56a967fd1c7f55e8018fafa7cb1950a298e5c9">5b56a967</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-08T21:36:44-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PostgreSQLDatabase.deleteAuthorizationChallenges()
The PostgreSQLDatabase.deleteAuthorizationChallenges() has been
converted into removeAuthorizationChallenges() which takes an
authorization ID.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7b9b3c6ce73903b99ced5d5dc51981d051dc3e5c">7b9b3c6c</a></strong>
<div>
<span>by Alexander Scheel</span>
<i>at 2020-07-09T10:49:00-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Measure individual test execution time
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/3702d4a1bda9e558253e5be189a884c51bbb06dc">3702d4a1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-09T15:52:34-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added ACMEScheduler
The ACMEScheduler has been added to schedule tasks to run
periodically in the background.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/8cb34a7723758c1af8f63b30afd9465eb53cff41">8cb34a77</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-09T15:52:34-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added ACMEMaintenanceTask
The ACMEMaintenanceTask has been added to clean up ACME
database. Initially it is used to clean up expired nonces
every 5 minutes.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/337cff960cf01c0cfd5ac759c11053a9f0de7e7f">337cff96</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-07-09T17:51:37-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Copy missing profiles between 10.5 and current version (10.9)
This patch copies all missing profiles introduced from 10.6+
and configures the CS.cfg in existing deployments. This ensures
that the old deployments (<=10.5) can use the latest profiles
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/ec859b40c885d3997bb16bebe11c2c7067538ba7">ec859b40</a></strong>
<div>
<span>by Dinesh Prasanth M K</span>
<i>at 2020-07-09T17:51:37-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove duplicate entries from CS.cfg
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/21a8f05f5ccaee7eb583784217bb0e5b5563ea0b">21a8f05f</a></strong>
<div>
<span>by Deepak Punia</span>
<i>at 2020-07-10T09:03:57-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Adding downstream tier0-sanity job to upstream
installation-acme
role-user-creation-topo-02
topo-01-role-user-creation
Signed-off-by: Deepak Punia <dpunia@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1df72734f9e9931002c83bc54838caa67a2c3c61">1df72734</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-10T09:11:41-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored PostgreSQLDatabase.getExpiredNonces()
The PostgreSQLDatabase.getExpiredNonces() has been modified
to only return the nonce values.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/eca5c92681ceec9e11bfaed3560464bdc28cc678">eca5c926</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-10T09:11:41-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactored ACMEChallengeProcessor.processChallenge()
The code that finalizes valid and invalid authorizations in
ACMEChallengeProcessor.processChallenge() has been moved into
finalizeValidAuthorization() and finalizeInvalidAuthorization().
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/020a3b3027e66e82b7c50a1c7d2469c71e29a54f">020a3b30</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-10T09:11:41-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Added log messages in LDAPDatabase
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d0d803c878c9a778c57f98d2e83f36709834d1d5">d0d803c8</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-10T09:11:41-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Updated version number to 10.9.0-0.6.unstable (beta 4)
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/4ae9c7b1712174c80a7ed25028239664899ae64c">4ae9c7b1</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-10T09:42:48-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed PostgreSQL orders.expires constraints
The PostgreSQL orders.expires column has been modified
to become optional.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/69e9d81ba7b0123c58d3fba2449d241eadb03baa">69e9d81b</a></strong>
<div>
<span>by Endi S. Dewata</span>
<i>at 2020-07-10T09:42:53-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed PostgreSQL authorizations.expires constraints
The PostgreSQL authorizations.expires column has been
modified to become optional.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/fed60474d9830417200a10b4966c6c7b69bbf905">fed60474</a></strong>
<div>
<span>by Christina Fu</span>
<i>at 2020-07-10T15:02:54-07:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Bug 1805541-refactor:[RFE] CA Certificate Transparency with Embedded Signed Certificate Time stamp
This patch reafactors the Certificate Transparency code.
More refinement to come, but for this patche:
- the majority of the CT v1 code originally in CAService.java now goes
into CTEngine.java;
- some utility methods go into CertUtils.java
- new CT enablement logic is introduced to replace the original one:
The logic of whether SCT extension is to be added to the issued
cert or not now goes like this:
IN CS.cfg
* CT mode is controlled by ca.certTransparency.mode
* There are three CT modes:
* disabled: issued certs will not carry SCT extension
* enabled: issued certs will carry SCT extension
* perProfile: certs enrolled through those profiles
* that contain the following policyset
* will carry SCT extension
* SignedCertificateTimestampListExtDefaultImpl
* default is true
* if unknow mode then error will be thrown.
https://bugzilla.redhat.com/show_bug.cgi?id=1805541
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/7e5db5d6ab8ca4330f95a55b8c5e64147ead1fa1">7e5db5d6</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-07-28T17:56:02+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge branch 'upstream-next' into master-next
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/17eeac2b41a7395f2952a02b216d20fab6cac871">17eeac2b</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-07-28T17:57:29+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">bump the version
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/d67babb5ea550814ebc7abfe5997e4b906071149">d67babb5</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-07-28T20:48:09+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">server.install: Updated.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/6ad317cc546574fc5f0c981de9c712425b648d1c">6ad317cc</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-07-28T22:03:08+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">fix-upgrade-script.diff: Fix hardcoding /etc/sysconfig on an upgrade script.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/commit/1adc82257e6015af3ace7de8faa868db8ccc6310">1adc8225</a></strong>
<div>
<span>by Timo Aaltonen</span>
<i>at 2020-07-30T21:28:18+03:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">WIP add xml-apis
</pre>
</li>
</ul>
<h4>30 changed files:</h4>
<ul>
<li class="file-stats">
<a href="#0b3cc8b828fd333d07b22c8f8cd7923f0bf75ea9">
base/acme/CMakeLists.txt
</a>
</li>
<li class="file-stats">
<a href="#63ffd8e45cfcae6135a76ec084286fce4acc3a2f">
<span class="new-file">
+
base/acme/Dockerfile
</span>
</a>
</li>
<li class="file-stats">
<a href="#da91ed988e696479a7811434d238186996337061">
<span class="new-file">
+
base/acme/conf/scheduler.conf
</span>
</a>
</li>
<li class="file-stats">
<a href="#cfa8b901bce5d4dd7d2ba2cf819e2b7ee1a8ae5e">
base/acme/conf/database/in-memory/database.conf
→
base/acme/database/in-memory/database.conf
</a>
</li>
<li class="file-stats">
<a href="#cd414bf01c797d3be6764d5c5d7c98cf9de39ac0">
base/acme/conf/database/ldap/create.ldif
→
base/acme/database/ldap/create.ldif
</a>
</li>
<li class="file-stats">
<a href="#770f6efce9770f3dcdc8ff0655313bca2334f7a0">
base/acme/conf/database/ldap/database.conf
→
base/acme/database/ldap/database.conf
</a>
</li>
<li class="file-stats">
<a href="#2b90e8da42abde5c1605767936beb0e202a3e02f">
base/acme/conf/database/ldap/schema.ldif
→
base/acme/database/ldap/schema.ldif
</a>
</li>
<li class="file-stats">
<a href="#09e2e7949ea81561c8eec8bd61d7b74d4a27392a">
base/acme/conf/database/postgresql/create.sql
→
base/acme/database/postgresql/create.sql
</a>
</li>
<li class="file-stats">
<a href="#1d30cdf549e58be2c3de419d367702c40b6de24a">
base/acme/conf/database/postgresql/database.conf
→
base/acme/database/postgresql/database.conf
</a>
</li>
<li class="file-stats">
<a href="#6f049b0c092ff159fd4e1ebd30f0939fb652ec1b">
base/acme/conf/database/postgresql/drop.sql
→
base/acme/database/postgresql/drop.sql
</a>
</li>
<li class="file-stats">
<a href="#f88eee053fb2ebc8ec64730ea2a26bf82714ecc3">
base/acme/conf/database/postgresql/statements.conf
→
base/acme/database/postgresql/statements.conf
</a>
</li>
<li class="file-stats">
<a href="#df4212ae2676b8911805ff064b4a156f39bfd859">
<span class="new-file">
+
base/acme/issuer/nss/ca_signing.conf
</span>
</a>
</li>
<li class="file-stats">
<a href="#69bf2c7992257dd1343211a5a106d2b67c0f3b5c">
<span class="new-file">
+
base/acme/issuer/nss/issuer.conf
</span>
</a>
</li>
<li class="file-stats">
<a href="#b0d06e9530190f72cc266eae534b58c1b4fe3528">
<span class="new-file">
+
base/acme/issuer/nss/sslserver.conf
</span>
</a>
</li>
<li class="file-stats">
<a href="#d81459437271930afb0f2674c508548e08ac34d8">
base/acme/conf/issuer/pki/issuer.conf
→
base/acme/issuer/pki/issuer.conf
</a>
</li>
<li class="file-stats">
<a href="#d1b41b2bc7573bd998bb9f8da9b76cc58e89a647">
<span class="new-file">
+
base/acme/openshift/pki-acme-certs.yaml
</span>
</a>
</li>
<li class="file-stats">
<a href="#249eb09eefad52de4b9ed8781b08fd379e7dbe40">
<span class="new-file">
+
base/acme/openshift/pki-acme-database.yaml
</span>
</a>
</li>
<li class="file-stats">
<a href="#c565b1970758217a97cb948e724f423c9f0ad719">
<span class="new-file">
+
base/acme/openshift/pki-acme-deployment.yaml
</span>
</a>
</li>
<li class="file-stats">
<a href="#bcbf49f0483745ffaa41d222adcf1196a2615885">
<span class="new-file">
+
base/acme/openshift/pki-acme-is.yaml
</span>
</a>
</li>
<li class="file-stats">
<a href="#a0fe44ed5cab5a0fd6768967458f62e2da03b026">
<span class="new-file">
+
base/acme/openshift/pki-acme-issuer.yaml
</span>
</a>
</li>
<li class="file-stats">
<a href="#9fdca7ddc622af12af706e3bec4d64760410530e">
<span class="new-file">
+
base/acme/openshift/pki-acme-metadata.yaml
</span>
</a>
</li>
<li class="file-stats">
<a href="#4184a169ebb95e077ba16a0bbb8ed88951ad502f">
<span class="new-file">
+
base/acme/openshift/pki-acme-route.yaml
</span>
</a>
</li>
<li class="file-stats">
<a href="#842eaa5a21aef4b21725ae633c080759925e4e0c">
<span class="new-file">
+
base/acme/openshift/pki-acme-svc.yaml
</span>
</a>
</li>
<li class="file-stats">
<a href="#81e9cce3810533652ac172671aae8e2aaf9328c3">
<span class="new-file">
+
base/acme/sbin/pki-acme-run
</span>
</a>
</li>
<li class="file-stats">
<a href="#a17a3cb8539654ed6e9c2adef3123ca576f48261">
base/acme/src/main/java/org/dogtagpki/acme/database/ACMEDatabase.java
</a>
</li>
<li class="file-stats">
<a href="#5e831ad71af50ecaf98a689edf14db289c23c195">
base/acme/src/main/java/org/dogtagpki/acme/database/InMemoryDatabase.java
</a>
</li>
<li class="file-stats">
<a href="#7e3c3d62d988f7e26b4abd3137c39eb978a8511d">
base/acme/src/main/java/org/dogtagpki/acme/database/LDAPDatabase.java
</a>
</li>
<li class="file-stats">
<a href="#1acf49d2a16e773f07e9d9851ade895587a365c1">
base/acme/src/main/java/org/dogtagpki/acme/database/PostgreSQLDatabase.java
</a>
</li>
<li class="file-stats">
<a href="#25caf75bac59a0d20e46aeeb21a86c11f882bb9f">
<span class="new-file">
+
base/acme/src/main/java/org/dogtagpki/acme/issuer/NSSIssuer.java
</span>
</a>
</li>
<li class="file-stats">
<a href="#d3eb5bfa7996cf73eeea98e5b31d1713bda24dca">
base/acme/src/main/java/org/dogtagpki/acme/issuer/PKIIssuer.java
</a>
</li>
</ul>
<h5>The diff was not included because it is too large.</h5>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">
—
<br>
<a href="https://salsa.debian.org/freeipa-team/dogtag-pki/-/compare/ac78c2b0d6650a6e5a8047fe7c84a0fb02292dba...1adc82257e6015af3ace7de8faa868db8ccc6310">View it on GitLab</a>.
<br>
You're receiving this email because of your account on salsa.debian.org.
If you'd like to receive fewer emails, you can
adjust your notification settings.
</p>
</div>
</body>
</html>