[Pkg-freeipa-devel] certmonger: Changes to 'upstream'

Timo Aaltonen tjaalton at moszumanska.debian.org
Mon Feb 22 06:15:54 UTC 2016


 certmonger.spec                                   |    6 
 configure.ac                                      |    2 
 src/certmonger-dogtag-ipa-renew-agent-submit.8.in |   24 +++
 src/certmonger-dogtag-submit.8.in                 |    6 
 tests/001-keyiread-rsa/expected.out               |    2 
 tests/001-keyiread-rsa/run.sh                     |    4 
 tests/001-keyiread/expected.out                   |    2 
 tests/001-keyiread/run.sh                         |    4 
 tests/002-keygen-dsa/expected.out                 |    6 
 tests/002-keygen-dsa/expected.out.2               |    6 
 tests/002-keygen-dsa/expected.out.3               |    6 
 tests/002-keygen-dsa/run.sh                       |    4 
 tests/002-keygen-rsa/expected.out                 |    6 
 tests/002-keygen-rsa/run.sh                       |    4 
 tests/002-keygen/expected.out                     |   18 --
 tests/002-keygen/run.sh                           |    4 
 tests/003-csrgen-rsa/expected.out                 |  124 ++++++++---------
 tests/003-csrgen-rsa/run.sh                       |    4 
 tests/003-csrgen/expected.out                     |  157 ++++++++++------------
 tests/003-csrgen/run.sh                           |    4 
 tests/004-selfsign-rsa/expected.out               |    1 
 tests/004-selfsign-rsa/run.sh                     |    2 
 tests/004-selfsign/expected.out                   |    1 
 tests/004-selfsign/run.sh                         |    2 
 24 files changed, 185 insertions(+), 214 deletions(-)

New commits:
commit 0b9b15b4112a1729df95c90eed1bc386da94841a
Author: Nalin Dahyabhai <nalin at redhat.com>
Date:   Wed Jan 13 10:23:02 2016 -0500

    tag 0.78.6

diff --git a/certmonger.spec b/certmonger.spec
index 1038ec0..99405db 100644
--- a/certmonger.spec
+++ b/certmonger.spec
@@ -25,7 +25,7 @@
 %endif
 
 Name:		certmonger
-Version:	0.78.5
+Version:	0.78.6
 Release:	1%{?dist}
 Summary:	Certificate status monitor and PKI enrollment client
 
@@ -242,6 +242,10 @@ exit 0
 %endif
 
 %changelog
+* Wed Jan 13 2016 Nalin Dahyabhai <nalin at redhat.com> 0.78.6-1
+- document the -R, -N, -o, and -t flags for dogtag-ipa-renew-agent-submit
+- stop checking that we can generate 512 bit keys during self-tests
+
 * Thu Nov 12 2015 Nalin Dahyabhai <nalin at redhat.com> 0.78.5-1
 - fix a possible uninitialized memory read (possibly #1260871)
 - log a diagnostic error when we fail to initialize libkrb5
diff --git a/configure.ac b/configure.ac
index 91e71f0..cbf2b68 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT(certmonger,0.78.5)
+AC_INIT(certmonger,0.78.6)
 AM_INIT_AUTOMAKE([foreign subdir-objects])
 AC_CONFIG_MACRO_DIR(m4)
 AM_MAINTAINER_MODE([enable])

commit 932ff18b8b49de3e902027767474cc6ebaf384b3
Author: Nalin Dahyabhai <nalin at redhat.com>
Date:   Wed Jan 13 09:38:13 2016 -0500

    Stop assuming RSA 512 works, part two
    
    Catch up a couple of the other valid output sets.

diff --git a/tests/002-keygen-dsa/expected.out.2 b/tests/002-keygen-dsa/expected.out.2
index 9275baf..7445bcc 100644
--- a/tests/002-keygen-dsa/expected.out.2
+++ b/tests/002-keygen-dsa/expected.out.2
@@ -1,6 +1,3 @@
-[nss:512]
-OK.
-OK (DSA:3072).
 [nss:1024]
 OK.
 OK (DSA:1024).
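Review bot: The commit subject says RSA, but the block removed at the top of this hunk is a DSA result ("[nss:512]" followed by "OK (DSA:3072)."), and every file this commit touches is under tests/002-keygen-dsa. Suggest rewording the subject so it also names 512-bit DSA, so that someone searching the log for the DSA self-test change can find it.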
@@ -20,9 +17,6 @@ OK (DSA:3072).
 Failed to save NSS:${tmpdir}/rosubdir: need fs permissions.
 [nss:rwsubdir]
 Failed to save NSS:${tmpdir}/rwsubdir: need fs permissions.
-[openssl:512]
-OK.
-OK (DSA:512).
 [openssl:1024]
 OK.
 OK (DSA:1024).
diff --git a/tests/002-keygen-dsa/expected.out.3 b/tests/002-keygen-dsa/expected.out.3
index c8547b4..0f563e2 100644
--- a/tests/002-keygen-dsa/expected.out.3
+++ b/tests/002-keygen-dsa/expected.out.3
@@ -1,6 +1,3 @@
-[nss:512]
-OK.
-OK (DSA:512).
 [nss:1024]
 OK.
 OK (DSA:1016).
@@ -20,9 +17,6 @@ OK (DSA:3072).
 Failed to save NSS:${tmpdir}/rosubdir: need fs permissions.
 [nss:rwsubdir]
 Failed to save NSS:${tmpdir}/rwsubdir: need fs permissions.
-[openssl:512]
-OK.
-OK (DSA:512).
 [openssl:1024]
 OK.
 OK (DSA:1024).

commit e21730e4f7f0133f0ceedb29fa7151f8842a9e1f
Author: Nalin Dahyabhai <nalin at redhat.com>
Date:   Tue Jan 12 17:27:18 2016 -0500

    Stop assuming RSA 512 works
    
    For the sake of F24, stop assuming that we'll be able to generate
    512-bit RSA keys.  We use certutil to do some of it, and it doesn't give
    us a way to toggle support on.

diff --git a/tests/001-keyiread-rsa/expected.out b/tests/001-keyiread-rsa/expected.out
index fa3493c..727897d 100644
--- a/tests/001-keyiread-rsa/expected.out
+++ b/tests/001-keyiread-rsa/expected.out
@@ -1,10 +1,8 @@
-OK (RSA:512).
 OK (RSA:1024).
 OK (RSA:1536).
 OK (RSA:2048).
 OK (RSA:3072).
 OK (RSA:4096).
-OK (RSA:512).
 OK (RSA:1024).
 OK (RSA:1536).
 OK (RSA:2048).
diff --git a/tests/001-keyiread-rsa/run.sh b/tests/001-keyiread-rsa/run.sh
index b5ac715..c7b7768 100755
--- a/tests/001-keyiread-rsa/run.sh
+++ b/tests/001-keyiread-rsa/run.sh
@@ -5,7 +5,7 @@ cd "$tmpdir"
 source "$srcdir"/functions
 initnssdb "$tmpdir"
 
-for size in 512 1024 1536 2048 3072 4096 ; do
+for size in 1024 1536 2048 3072 4096 ; do
 	# Generate a self-signed cert.
 	run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
 		-s "cn=T$size" -c "cn=T$size" \
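Review bot: The size list on the "for size in ..." line is repeated verbatim in the second loop of this script and in the other run.sh files changed by this commit, so dropping a size means editing every copy by hand. Each script already sources "$srcdir"/functions, so consider defining the list once there and iterating over that variable. The next size that stops being generatable would then need a single edit.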
@@ -30,7 +30,7 @@ for size in 512 1024 1536 2048 3072 4096 ; do
 	$toolsdir/keyiread entry.nss.$size
 done
 
-for size in 512 1024 1536 2048 3072 4096 ; do
+for size in 1024 1536 2048 3072 4096 ; do
 	# Generate a key.
 	openssl genrsa $size > sample.$size 2> /dev/null
 	# Check the size of the key.
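Review bot: In this loop body, "openssl genrsa $size > sample.$size 2> /dev/null" discards the tool's error output, so when a key size is refused the only symptom is a mismatch against expected.out. Since the reason for this change is a platform refusing a key size, sending stderr to a file under $tmpdir instead of /dev/null would make the next such failure much quicker to diagnose.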
diff --git a/tests/001-keyiread/expected.out b/tests/001-keyiread/expected.out
index fa3493c..727897d 100644
--- a/tests/001-keyiread/expected.out
+++ b/tests/001-keyiread/expected.out
@@ -1,10 +1,8 @@
-OK (RSA:512).
 OK (RSA:1024).
 OK (RSA:1536).
 OK (RSA:2048).
 OK (RSA:3072).
 OK (RSA:4096).
-OK (RSA:512).
 OK (RSA:1024).
 OK (RSA:1536).
 OK (RSA:2048).
diff --git a/tests/001-keyiread/run.sh b/tests/001-keyiread/run.sh
index d95043d..ce1428e 100755
--- a/tests/001-keyiread/run.sh
+++ b/tests/001-keyiread/run.sh
@@ -5,7 +5,7 @@ cd "$tmpdir"
 source "$srcdir"/functions
 initnssdb "$tmpdir"
 
-for size in 512 1024 1536 2048 3072 4096 ; do
+for size in 1024 1536 2048 3072 4096 ; do
 	# Generate a self-signed cert.
 	run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
 		-s "cn=T$size" -c "cn=T$size" \
@@ -30,7 +30,7 @@ for size in 512 1024 1536 2048 3072 4096 ; do
 	$toolsdir/keyiread entry.nss.$size
 done
 
-for size in 512 1024 1536 2048 3072 4096 ; do
+for size in 1024 1536 2048 3072 4096 ; do
 	# Generate a key.
 	openssl genrsa $size > sample.$size 2> /dev/null
 	# Check the size of the key.
diff --git a/tests/002-keygen-dsa/expected.out b/tests/002-keygen-dsa/expected.out
index f2a44d2..7445bcc 100644
--- a/tests/002-keygen-dsa/expected.out
+++ b/tests/002-keygen-dsa/expected.out
@@ -1,6 +1,3 @@
-[nss:512]
-OK.
-OK (DSA:512).
 [nss:1024]
 OK.
 OK (DSA:1024).
@@ -20,9 +17,6 @@ OK (DSA:3072).
 Failed to save NSS:${tmpdir}/rosubdir: need fs permissions.
 [nss:rwsubdir]
 Failed to save NSS:${tmpdir}/rwsubdir: need fs permissions.
-[openssl:512]
-OK.
-OK (DSA:512).
 [openssl:1024]
 OK.
 OK (DSA:1024).
diff --git a/tests/002-keygen-dsa/run.sh b/tests/002-keygen-dsa/run.sh
index fad19de..d9cff0e 100755
--- a/tests/002-keygen-dsa/run.sh
+++ b/tests/002-keygen-dsa/run.sh
@@ -5,7 +5,7 @@ cd "$tmpdir"
 source "$srcdir"/functions
 initnssdb "$tmpdir"
 
-for size in 512 1024 1536 2048 3072 4096 ; do
+for size in 1024 1536 2048 3072 4096 ; do
 	echo "[nss:$size]"
 	# Generate a key.
 	cat > entry.$size <<- EOF
@@ -41,7 +41,7 @@ key_gen_type=DSA
 EOF
 $toolsdir/keygen entry.$size || true
 
-for size in 512 1024 1536 2048 3072 4096 ; do
+for size in 1024 1536 2048 3072 4096 ; do
 	echo "[openssl:$size]"
 	# Generate a key.
 	cat > entry.$size <<- EOF
diff --git a/tests/002-keygen-rsa/expected.out b/tests/002-keygen-rsa/expected.out
index 33f0f48..3e6e9f3 100644
--- a/tests/002-keygen-rsa/expected.out
+++ b/tests/002-keygen-rsa/expected.out
@@ -1,6 +1,3 @@
-[nss:512]
-OK.
-OK (RSA:512).
 [nss:1024]
 OK.
 OK (RSA:1024).
@@ -20,9 +17,6 @@ OK (RSA:4096).
 Failed to save NSS:${tmpdir}/rosubdir: need fs permissions.
 [nss:rwsubdir]
 Failed to save NSS:${tmpdir}/rwsubdir: need fs permissions.
-[openssl:512]
-OK.
-OK (RSA:512).
 [openssl:1024]
 OK.
 OK (RSA:1024).
diff --git a/tests/002-keygen-rsa/run.sh b/tests/002-keygen-rsa/run.sh
index b133edd..476f412 100755
--- a/tests/002-keygen-rsa/run.sh
+++ b/tests/002-keygen-rsa/run.sh
@@ -5,7 +5,7 @@ cd "$tmpdir"
 source "$srcdir"/functions
 initnssdb "$tmpdir"
 
-for size in 512 1024 1536 2048 3072 4096 ; do
+for size in 1024 1536 2048 3072 4096 ; do
 	echo "[nss:$size]"
 	# Generate a key.
 	cat > entry.$size <<- EOF
@@ -41,7 +41,7 @@ key_gen_type=RSA
 EOF
 $toolsdir/keygen entry.$size || true
 
-for size in 512 1024 1536 2048 3072 4096 ; do
+for size in 1024 1536 2048 3072 4096 ; do
 	echo "[openssl:$size]"
 	# Generate a key.
 	cat > entry.$size <<- EOF
diff --git a/tests/002-keygen/expected.out b/tests/002-keygen/expected.out
index f47d2d5..ff56372 100644
--- a/tests/002-keygen/expected.out
+++ b/tests/002-keygen/expected.out
@@ -1,12 +1,3 @@
-[nss:512]
-OK.
-OK (RSA:512).
-OK.
-OK (RSA:512 after RSA:512).
-OK.
-OK (RSA:512 after RSA:512).
-keyi512
-keyi512 (candidate (next))
 [nss:1024]
 OK.
 OK (RSA:1024).
@@ -56,15 +47,6 @@ keyi4096 (candidate (next))
 Failed to save NSS:${tmpdir}/rosubdir: need fs permissions.
 [nss:rwsubdir]
 Failed to save NSS:${tmpdir}/rwsubdir: need fs permissions.
-[openssl:512]
-OK.
-OK (RSA:512).
-OK.
-OK (RSA:512 after RSA:512).
-OK.
-OK (RSA:512 after RSA:512).
-${tmpdir}/sample.512
-${tmpdir}/sample.512.(next).key
 [openssl:1024]
 OK.
 OK (RSA:1024).
diff --git a/tests/002-keygen/run.sh b/tests/002-keygen/run.sh
index a0867cf..f550fee 100755
--- a/tests/002-keygen/run.sh
+++ b/tests/002-keygen/run.sh
@@ -5,7 +5,7 @@ cd "$tmpdir"
 source "$srcdir"/functions
 initnssdb "$tmpdir"
 
-for size in 512 1024 1536 2048 3072 4096 ; do
+for size in 1024 1536 2048 3072 4096 ; do
 	echo "[nss:$size]"
 	# Generate a key.
 	cat > entry.$size <<- EOF
@@ -49,7 +49,7 @@ key_gen_size=$size
 EOF
 $toolsdir/keygen entry.$size || true
 
-for size in 512 1024 1536 2048 3072 4096 ; do
+for size in 1024 1536 2048 3072 4096 ; do
 	echo "[openssl:$size]"
 	# Generate a key.
 	cat > entry.$size <<- EOF
diff --git a/tests/003-csrgen-rsa/expected.out b/tests/003-csrgen-rsa/expected.out
index 7b67eab..e058e85 100644
--- a/tests/003-csrgen-rsa/expected.out
+++ b/tests/003-csrgen-rsa/expected.out
@@ -1,9 +1,5 @@
 pk12util: PKCS12 EXPORT SUCCESSFUL
 MAC verified OK
-512 OK.
-Signature OK
-pk12util: PKCS12 EXPORT SUCCESSFUL
-MAC verified OK
 1024 OK.
 Signature OK
 pk12util: PKCS12 EXPORT SUCCESSFUL
@@ -23,70 +19,70 @@ MAC verified OK
 4096 OK.
 Signature OK
 The last CSR (the one with everything) was:
-    0:d=0  hl=4 l=1019 cons: SEQUENCE          
-    4:d=1  hl=4 l= 933 cons: SEQUENCE          
+    0:d=0  hl=4 l=1413 cons: SEQUENCE          
+    4:d=1  hl=4 l=1133 cons: SEQUENCE          
     8:d=2  hl=2 l=   1 prim: INTEGER           :00
    11:d=2  hl=2 l=  22 cons: SEQUENCE          
    13:d=3  hl=2 l=  20 cons: SET               
    15:d=4  hl=2 l=  18 cons: SEQUENCE          
    17:d=5  hl=2 l=   3 prim: OBJECT            :commonName
    22:d=5  hl=2 l=  11 prim: PRINTABLESTRING   :Babs Jensen
-   35:d=2  hl=2 l=  92 cons: SEQUENCE          
-   37:d=3  hl=2 l=  13 cons: SEQUENCE          
-   39:d=4  hl=2 l=   9 prim: OBJECT            :rsaEncryption
-   50:d=4  hl=2 l=   0 prim: NULL              
-   52:d=3  hl=2 l=  75 prim: BIT STRING        
-  129:d=2  hl=4 l= 808 cons: cont [ 0 ]        
-  133:d=3  hl=2 l=  52 cons: SEQUENCE          
-  135:d=4  hl=2 l=   9 prim: OBJECT            :challengePassword
-  146:d=4  hl=2 l=  39 cons: SET               
-  148:d=5  hl=2 l=  37 prim: PRINTABLESTRING   :ChallengePasswordIsEncodedInPlainText
-  187:d=3  hl=2 l=  61 cons: SEQUENCE          
-  189:d=4  hl=2 l=   9 prim: OBJECT            :friendlyName
-  200:d=4  hl=2 l=  48 cons: SET               
-  202:d=5  hl=2 l=  46 prim: BMPSTRING         
-  250:d=3  hl=4 l= 687 cons: SEQUENCE          
-  254:d=4  hl=2 l=   9 prim: OBJECT            :Extension Request
-  265:d=4  hl=4 l= 672 cons: SET               
-  269:d=5  hl=4 l= 668 cons: SEQUENCE          
-  273:d=6  hl=2 l=  14 cons: SEQUENCE          
-  275:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
-  280:d=7  hl=2 l=   1 prim: BOOLEAN           :0
-  283:d=7  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205E0
-  289:d=6  hl=4 l= 264 cons: SEQUENCE          
-  293:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative Name
-  298:d=7  hl=2 l=   1 prim: BOOLEAN           :0
-  301:d=7  hl=3 l= 253 prim: OCTET STRING      [HEX DUMP]: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
-  557:d=6  hl=2 l=  32 cons: SEQUENCE          
-  559:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key Usage
-  564:d=7  hl=2 l=   1 prim: BOOLEAN           :0
-  567:d=7  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:301406082B0601050507030206082B06010505070304
-  591:d=6  hl=2 l=  18 cons: SEQUENCE          
-  593:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
-  598:d=7  hl=2 l=   1 prim: BOOLEAN           :255
-  601:d=7  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:30060101FF020103
-  611:d=6  hl=2 l=  34 cons: SEQUENCE          
-  613:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
-  618:d=7  hl=2 l=   1 prim: BOOLEAN           :0
-  621:d=7  hl=2 l=  24 prim: OCTET STRING      [HEX DUMP]:30168014A9993E364706816ABA3E25717850C26C9CD0D89D
-  647:d=6  hl=2 l=  32 cons: SEQUENCE          
-  649:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
-  654:d=7  hl=2 l=   1 prim: BOOLEAN           :0
-  657:d=7  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:0414A9993E364706816ABA3E25717850C26C9CD0D89D
-  681:d=6  hl=2 l= 107 cons: SEQUENCE          
-  683:d=7  hl=2 l=   8 prim: OBJECT            :Authority Information Access
-  693:d=7  hl=2 l=   1 prim: BOOLEAN           :0
-  696:d=7  hl=2 l=  92 prim: OCTET STRING      [HEX DUMP]:305A302B06082B06010505073001861F687474703A2F2F6F6373702D312E6578616D706C652E636F6D3A3132333435302B06082B06010505073001861F687474703A2F2F6F6373702D322E6578616D706C652E636F6D3A3132333435
-  790:d=6  hl=2 l=  96 cons: SEQUENCE          
-  792:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution Points
-  797:d=7  hl=2 l=   1 prim: BOOLEAN           :0
-  800:d=7  hl=2 l=  86 prim: OCTET STRING      [HEX DUMP]:30543028A026A0248622687474703A2F2F63726C2D312E6578616D706C652E636F6D3A31323334352F6765743028A026A0248622687474703A2F2F63726C2D322E6578616D706C652E636F6D3A31323334352F676574
-  888:d=6  hl=2 l=  51 cons: SEQUENCE          
-  890:d=7  hl=2 l=   9 prim: OBJECT            :Netscape Comment
-  901:d=7  hl=2 l=   1 prim: BOOLEAN           :0
-  904:d=7  hl=2 l=  35 prim: OCTET STRING      [HEX DUMP]:1621636572746D6F6E6765722067656E65726174656420746869732072657175657374
-  941:d=1  hl=2 l=  13 cons: SEQUENCE          
-  943:d=2  hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption
-  954:d=2  hl=2 l=   0 prim: NULL              
-  956:d=1  hl=2 l=  65 prim: BIT STRING        
+   35:d=2  hl=4 l= 290 cons: SEQUENCE          
+   39:d=3  hl=2 l=  13 cons: SEQUENCE          
+   41:d=4  hl=2 l=   9 prim: OBJECT            :rsaEncryption
+   52:d=4  hl=2 l=   0 prim: NULL              
+   54:d=3  hl=4 l= 271 prim: BIT STRING        
+  329:d=2  hl=4 l= 808 cons: cont [ 0 ]        
+  333:d=3  hl=2 l=  52 cons: SEQUENCE          
+  335:d=4  hl=2 l=   9 prim: OBJECT            :challengePassword
+  346:d=4  hl=2 l=  39 cons: SET               
+  348:d=5  hl=2 l=  37 prim: PRINTABLESTRING   :ChallengePasswordIsEncodedInPlainText
+  387:d=3  hl=2 l=  61 cons: SEQUENCE          
+  389:d=4  hl=2 l=   9 prim: OBJECT            :friendlyName
+  400:d=4  hl=2 l=  48 cons: SET               
+  402:d=5  hl=2 l=  46 prim: BMPSTRING         
+  450:d=3  hl=4 l= 687 cons: SEQUENCE          
+  454:d=4  hl=2 l=   9 prim: OBJECT            :Extension Request
+  465:d=4  hl=4 l= 672 cons: SET               
+  469:d=5  hl=4 l= 668 cons: SEQUENCE          
+  473:d=6  hl=2 l=  14 cons: SEQUENCE          
+  475:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
+  480:d=7  hl=2 l=   1 prim: BOOLEAN           :0
+  483:d=7  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205E0
+  489:d=6  hl=4 l= 264 cons: SEQUENCE          
+  493:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative Name
+  498:d=7  hl=2 l=   1 prim: BOOLEAN           :0
+  501:d=7  hl=3 l= 253 prim: OCTET STRING      [HEX DUMP]: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
+  757:d=6  hl=2 l=  32 cons: SEQUENCE          
+  759:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key Usage
+  764:d=7  hl=2 l=   1 prim: BOOLEAN           :0
+  767:d=7  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:301406082B0601050507030206082B06010505070304
+  791:d=6  hl=2 l=  18 cons: SEQUENCE          
+  793:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
+  798:d=7  hl=2 l=   1 prim: BOOLEAN           :255
+  801:d=7  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:30060101FF020103
+  811:d=6  hl=2 l=  34 cons: SEQUENCE          
+  813:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
+  818:d=7  hl=2 l=   1 prim: BOOLEAN           :0
+  821:d=7  hl=2 l=  24 prim: OCTET STRING      [HEX DUMP]:30168014A9993E364706816ABA3E25717850C26C9CD0D89D
+  847:d=6  hl=2 l=  32 cons: SEQUENCE          
+  849:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
+  854:d=7  hl=2 l=   1 prim: BOOLEAN           :0
+  857:d=7  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:0414A9993E364706816ABA3E25717850C26C9CD0D89D
+  881:d=6  hl=2 l= 107 cons: SEQUENCE          
+  883:d=7  hl=2 l=   8 prim: OBJECT            :Authority Information Access
+  893:d=7  hl=2 l=   1 prim: BOOLEAN           :0
+  896:d=7  hl=2 l=  92 prim: OCTET STRING      [HEX DUMP]:305A302B06082B06010505073001861F687474703A2F2F6F6373702D312E6578616D706C652E636F6D3A3132333435302B06082B06010505073001861F687474703A2F2F6F6373702D322E6578616D706C652E636F6D3A3132333435
+  990:d=6  hl=2 l=  96 cons: SEQUENCE          
+  992:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution Points
+  997:d=7  hl=2 l=   1 prim: BOOLEAN           :0
+ 1000:d=7  hl=2 l=  86 prim: OCTET STRING      [HEX DUMP]:30543028A026A0248622687474703A2F2F63726C2D312E6578616D706C652E636F6D3A31323334352F6765743028A026A0248622687474703A2F2F63726C2D322E6578616D706C652E636F6D3A31323334352F676574
+ 1088:d=6  hl=2 l=  51 cons: SEQUENCE          
+ 1090:d=7  hl=2 l=   9 prim: OBJECT            :Netscape Comment
+ 1101:d=7  hl=2 l=   1 prim: BOOLEAN           :0
+ 1104:d=7  hl=2 l=  35 prim: OCTET STRING      [HEX DUMP]:1621636572746D6F6E6765722067656E65726174656420746869732072657175657374
+ 1141:d=1  hl=2 l=  13 cons: SEQUENCE          
+ 1143:d=2  hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption
+ 1154:d=2  hl=2 l=   0 prim: NULL              
+ 1156:d=1  hl=4 l= 257 prim: BIT STRING        
 Test complete (32 combinations).
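Review bot: The golden dump hard-codes the absolute offset column, so changing only the key size rewrites nearly every line of it: from the attributes block onward each offset simply moves by 200 (129 becomes 329, 941 becomes 1141) while the attribute and extension contents are unchanged. Consider stripping the offset column in run.sh before comparing against expected.out. A future key-size change would then touch only the lines whose lengths really differ, which here are the two outer SEQUENCE lengths, the public key block and the final signature BIT STRING.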
diff --git a/tests/003-csrgen-rsa/run.sh b/tests/003-csrgen-rsa/run.sh
index c049dd0..7f1e7b4 100755
--- a/tests/003-csrgen-rsa/run.sh
+++ b/tests/003-csrgen-rsa/run.sh
@@ -5,7 +5,7 @@ cd "$tmpdir"
 source "$srcdir"/functions
 initnssdb "$tmpdir"
 
-for size in 512 1024 1536 2048 3072 4096 ; do
+for size in 1024 1536 2048 3072 4096 ; do
 	# Build a self-signed certificate.
 	run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
 		-s "cn=T$size" -c "cn=T$size" \
@@ -216,7 +216,7 @@ for nscomment in "" "certmonger generated this request" ; do
 done
 nscomment=
 
-size=512
+size=2048
 subject="CN=Babs Jensen"
 hostname=localhost,localhost.localdomain
 email=root at localhost,root at localhost.localdomain
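Review bot: "size=2048" for the final "everything" CSR is a second behavioural change beyond dropping 512: it skips 1024, the new smallest size in the loop at the top of the script, and neither the commit message nor a comment says why. A one-line comment above the assignment, noting that the dump in expected.out (271-byte public key BIT STRING, 257-byte signature BIT STRING) depends on this value, would save the next editor from rediscovering that.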
diff --git a/tests/003-csrgen/expected.out b/tests/003-csrgen/expected.out
index 7f4586c..5108316 100644
--- a/tests/003-csrgen/expected.out
+++ b/tests/003-csrgen/expected.out
@@ -1,11 +1,6 @@
 pk12util: PKCS12 EXPORT SUCCESSFUL
 MAC verified OK
 Signature OK
-minicert.openssl.512.pem: OK
-512 OK.
-pk12util: PKCS12 EXPORT SUCCESSFUL
-MAC verified OK
-Signature OK
 minicert.openssl.1024.pem: OK
 1024 OK.
 pk12util: PKCS12 EXPORT SUCCESSFUL
@@ -29,86 +24,86 @@ Signature OK
 minicert.openssl.4096.pem: OK
 4096 OK.
 The last CSR (the one with everything) was:
-    0:d=0  hl=4 l=1241 cons: SEQUENCE          
-    4:d=1  hl=4 l=1155 cons: SEQUENCE          
+    0:d=0  hl=4 l=1635 cons: SEQUENCE          
+    4:d=1  hl=4 l=1355 cons: SEQUENCE          
     8:d=2  hl=2 l=   1 prim: INTEGER           :00
    11:d=2  hl=2 l=  22 cons: SEQUENCE          
    13:d=3  hl=2 l=  20 cons: SET               
    15:d=4  hl=2 l=  18 cons: SEQUENCE          
    17:d=5  hl=2 l=   3 prim: OBJECT            :commonName
    22:d=5  hl=2 l=  11 prim: PRINTABLESTRING   :Babs Jensen
-   35:d=2  hl=2 l=  92 cons: SEQUENCE          
-   37:d=3  hl=2 l=  13 cons: SEQUENCE          
-   39:d=4  hl=2 l=   9 prim: OBJECT            :rsaEncryption
-   50:d=4  hl=2 l=   0 prim: NULL              
-   52:d=3  hl=2 l=  75 prim: BIT STRING        
-  129:d=2  hl=4 l=1030 cons: cont [ 0 ]        
-  133:d=3  hl=2 l=  52 cons: SEQUENCE          
-  135:d=4  hl=2 l=   9 prim: OBJECT            :challengePassword
-  146:d=4  hl=2 l=  39 cons: SET               
-  148:d=5  hl=2 l=  37 prim: PRINTABLESTRING   :ChallengePasswordIsEncodedInPlainText
-  187:d=3  hl=2 l=  61 cons: SEQUENCE          
-  189:d=4  hl=2 l=   9 prim: OBJECT            :friendlyName
-  200:d=4  hl=2 l=  48 cons: SET               
-  202:d=5  hl=2 l=  46 prim: BMPSTRING         
-  250:d=3  hl=4 l= 909 cons: SEQUENCE          
-  254:d=4  hl=2 l=   9 prim: OBJECT            :Extension Request
-  265:d=4  hl=4 l= 894 cons: SET               
-  269:d=5  hl=4 l= 890 cons: SEQUENCE          
-  273:d=6  hl=2 l=  14 cons: SEQUENCE          
-  275:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
-  280:d=7  hl=2 l=   1 prim: BOOLEAN           :0
-  283:d=7  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205E0
-  289:d=6  hl=4 l= 290 cons: SEQUENCE          
-  293:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative Name
-  298:d=7  hl=2 l=   1 prim: BOOLEAN           :0
-  301:d=7  hl=4 l= 278 prim: OCTET STRING      [HEX DUMP]:3082011282096C6F63616C686F737482156C6F63616C686F73742E6C6F63616C646F6D61696E810E726F6F74406C6F63616C686F7374811A726F6F74406C6F63616C686F73742E6C6F63616C646F6D61696EA020060A2B060104018237140203A0120C10726F6F74404558414D504C452E434F4DA02E06062B0601050202A0243022A00D1B0B4558414D504C452E434F4DA111300FA003020101A10830061B04726F6F74A024060A2B060104018237140203A0160C14726F6F7440464F4F2E4558414D504C452E434F4DA03206062B0601050202A0283026A0111B0F464F4F2E4558414D504C452E434F4DA111300FA003020101A10830061B04726F6F7487047F000001871000000000000000000000000000000001
-  583:d=6  hl=2 l=  32 cons: SEQUENCE          
-  585:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key Usage
-  590:d=7  hl=2 l=   1 prim: BOOLEAN           :0
-  593:d=7  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:301406082B0601050507030206082B06010505070304
-  617:d=6  hl=2 l=  18 cons: SEQUENCE          
-  619:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
-  624:d=7  hl=2 l=   1 prim: BOOLEAN           :255
-  627:d=7  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:30060101FF020103
-  637:d=6  hl=2 l=  34 cons: SEQUENCE          
-  639:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
-  644:d=7  hl=2 l=   1 prim: BOOLEAN           :0
-  647:d=7  hl=2 l=  24 prim: OCTET STRING      [HEX DUMP]:30168014A9993E364706816ABA3E25717850C26C9CD0D89D
-  673:d=6  hl=2 l=  32 cons: SEQUENCE          
-  675:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
-  680:d=7  hl=2 l=   1 prim: BOOLEAN           :0
-  683:d=7  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:0414A9993E364706816ABA3E25717850C26C9CD0D89D
-  707:d=6  hl=2 l= 107 cons: SEQUENCE          
-  709:d=7  hl=2 l=   8 prim: OBJECT            :Authority Information Access
-  719:d=7  hl=2 l=   1 prim: BOOLEAN           :0
-  722:d=7  hl=2 l=  92 prim: OCTET STRING      [HEX DUMP]:305A302B06082B06010505073001861F687474703A2F2F6F6373702D312E6578616D706C652E636F6D3A3132333435302B06082B06010505073001861F687474703A2F2F6F6373702D322E6578616D706C652E636F6D3A3132333435
-  816:d=6  hl=2 l=  96 cons: SEQUENCE          
-  818:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution Points
-  823:d=7  hl=2 l=   1 prim: BOOLEAN           :0
-  826:d=7  hl=2 l=  86 prim: OCTET STRING      [HEX DUMP]:30543028A026A0248622687474703A2F2F63726C2D312E6578616D706C652E636F6D3A31323334352F6765743028A026A0248622687474703A2F2F63726C2D322E6578616D706C652E636F6D3A31323334352F676574
-  914:d=6  hl=2 l= 106 cons: SEQUENCE          
-  916:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Freshest CRL
-  921:d=7  hl=2 l=   1 prim: BOOLEAN           :0
-  924:d=7  hl=2 l=  96 prim: OCTET STRING      [HEX DUMP]:305E302DA02BA0298627687474703A2F2F63726C2D312E6578616D706C652E636F6D3A31323334352F67657464656C7461302DA02BA0298627687474703A2F2F63726C2D322E6578616D706C652E636F6D3A31323334352F67657464656C7461
- 1022:d=6  hl=2 l=  51 cons: SEQUENCE          
- 1024:d=7  hl=2 l=   9 prim: OBJECT            :Netscape Comment
- 1035:d=7  hl=2 l=   1 prim: BOOLEAN           :0
- 1038:d=7  hl=2 l=  35 prim: OCTET STRING      [HEX DUMP]:1621636572746D6F6E6765722067656E65726174656420746869732072657175657374
- 1075:d=6  hl=2 l=  18 cons: SEQUENCE          
- 1077:d=7  hl=2 l=   9 prim: OBJECT            :OCSP No Check
- 1088:d=7  hl=2 l=   1 prim: BOOLEAN           :0
- 1091:d=7  hl=2 l=   2 prim: OCTET STRING      [HEX DUMP]:0500
- 1095:d=6  hl=2 l=  44 cons: SEQUENCE          
- 1097:d=7  hl=2 l=   9 prim: OBJECT            :1.3.6.1.4.1.311.20.2
- 1108:d=7  hl=2 l=   1 prim: BOOLEAN           :0
- 1111:d=7  hl=2 l=  28 prim: OCTET STRING      [HEX DUMP]:1E1A006300610041007700650073006F006D00650043006500720074
- 1141:d=6  hl=2 l=  20 cons: SEQUENCE          
- 1143:d=7  hl=2 l=   9 prim: OBJECT            :Netscape Cert Type
- 1154:d=7  hl=2 l=   1 prim: BOOLEAN           :0
- 1157:d=7  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
- 1163:d=1  hl=2 l=  13 cons: SEQUENCE          
- 1165:d=2  hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption
- 1176:d=2  hl=2 l=   0 prim: NULL              
- 1178:d=1  hl=2 l=  65 prim: BIT STRING        
+   35:d=2  hl=4 l= 290 cons: SEQUENCE          
+   39:d=3  hl=2 l=  13 cons: SEQUENCE          
+   41:d=4  hl=2 l=   9 prim: OBJECT            :rsaEncryption
+   52:d=4  hl=2 l=   0 prim: NULL              
+   54:d=3  hl=4 l= 271 prim: BIT STRING        
+  329:d=2  hl=4 l=1030 cons: cont [ 0 ]        
+  333:d=3  hl=2 l=  52 cons: SEQUENCE          
+  335:d=4  hl=2 l=   9 prim: OBJECT            :challengePassword
+  346:d=4  hl=2 l=  39 cons: SET               
+  348:d=5  hl=2 l=  37 prim: PRINTABLESTRING   :ChallengePasswordIsEncodedInPlainText
+  387:d=3  hl=2 l=  61 cons: SEQUENCE          
+  389:d=4  hl=2 l=   9 prim: OBJECT            :friendlyName
+  400:d=4  hl=2 l=  48 cons: SET               
+  402:d=5  hl=2 l=  46 prim: BMPSTRING         
+  450:d=3  hl=4 l= 909 cons: SEQUENCE          
+  454:d=4  hl=2 l=   9 prim: OBJECT            :Extension Request
+  465:d=4  hl=4 l= 894 cons: SET               
+  469:d=5  hl=4 l= 890 cons: SEQUENCE          
+  473:d=6  hl=2 l=  14 cons: SEQUENCE          
+  475:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage
+  480:d=7  hl=2 l=   1 prim: BOOLEAN           :0
+  483:d=7  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205E0
+  489:d=6  hl=4 l= 290 cons: SEQUENCE          
+  493:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative Name
+  498:d=7  hl=2 l=   1 prim: BOOLEAN           :0
+  501:d=7  hl=4 l= 278 prim: OCTET STRING      [HEX DUMP]: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
+  783:d=6  hl=2 l=  32 cons: SEQUENCE          
+  785:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key Usage
+  790:d=7  hl=2 l=   1 prim: BOOLEAN           :0
+  793:d=7  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:301406082B0601050507030206082B06010505070304
+  817:d=6  hl=2 l=  18 cons: SEQUENCE          
+  819:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints
+  824:d=7  hl=2 l=   1 prim: BOOLEAN           :255
+  827:d=7  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:30060101FF020103
+  837:d=6  hl=2 l=  34 cons: SEQUENCE          
+  839:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
+  844:d=7  hl=2 l=   1 prim: BOOLEAN           :0
+  847:d=7  hl=2 l=  24 prim: OCTET STRING      [HEX DUMP]:30168014A9993E364706816ABA3E25717850C26C9CD0D89D
+  873:d=6  hl=2 l=  32 cons: SEQUENCE          
+  875:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
+  880:d=7  hl=2 l=   1 prim: BOOLEAN           :0
+  883:d=7  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:0414A9993E364706816ABA3E25717850C26C9CD0D89D
+  907:d=6  hl=2 l= 107 cons: SEQUENCE          
+  909:d=7  hl=2 l=   8 prim: OBJECT            :Authority Information Access
+  919:d=7  hl=2 l=   1 prim: BOOLEAN           :0
+  922:d=7  hl=2 l=  92 prim: OCTET STRING      [HEX DUMP]:305A302B06082B06010505073001861F687474703A2F2F6F6373702D312E6578616D706C652E636F6D3A3132333435302B06082B06010505073001861F687474703A2F2F6F6373702D322E6578616D706C652E636F6D3A3132333435
+ 1016:d=6  hl=2 l=  96 cons: SEQUENCE          
+ 1018:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution Points
+ 1023:d=7  hl=2 l=   1 prim: BOOLEAN           :0
+ 1026:d=7  hl=2 l=  86 prim: OCTET STRING      [HEX DUMP]:30543028A026A0248622687474703A2F2F63726C2D312E6578616D706C652E636F6D3A31323334352F6765743028A026A0248622687474703A2F2F63726C2D322E6578616D706C652E636F6D3A31323334352F676574
+ 1114:d=6  hl=2 l= 106 cons: SEQUENCE          
+ 1116:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Freshest CRL
+ 1121:d=7  hl=2 l=   1 prim: BOOLEAN           :0
+ 1124:d=7  hl=2 l=  96 prim: OCTET STRING      [HEX DUMP]:305E302DA02BA0298627687474703A2F2F63726C2D312E6578616D706C652E636F6D3A31323334352F67657464656C7461302DA02BA0298627687474703A2F2F63726C2D322E6578616D706C652E636F6D3A31323334352F67657464656C7461
+ 1222:d=6  hl=2 l=  51 cons: SEQUENCE          
+ 1224:d=7  hl=2 l=   9 prim: OBJECT            :Netscape Comment
+ 1235:d=7  hl=2 l=   1 prim: BOOLEAN           :0
+ 1238:d=7  hl=2 l=  35 prim: OCTET STRING      [HEX DUMP]:1621636572746D6F6E6765722067656E65726174656420746869732072657175657374
+ 1275:d=6  hl=2 l=  18 cons: SEQUENCE          
+ 1277:d=7  hl=2 l=   9 prim: OBJECT            :OCSP No Check
+ 1288:d=7  hl=2 l=   1 prim: BOOLEAN           :0
+ 1291:d=7  hl=2 l=   2 prim: OCTET STRING      [HEX DUMP]:0500
+ 1295:d=6  hl=2 l=  44 cons: SEQUENCE          
+ 1297:d=7  hl=2 l=   9 prim: OBJECT            :1.3.6.1.4.1.311.20.2
+ 1308:d=7  hl=2 l=   1 prim: BOOLEAN           :0
+ 1311:d=7  hl=2 l=  28 prim: OCTET STRING      [HEX DUMP]:1E1A006300610041007700650073006F006D00650043006500720074
+ 1341:d=6  hl=2 l=  20 cons: SEQUENCE          
+ 1343:d=7  hl=2 l=   9 prim: OBJECT            :Netscape Cert Type
+ 1354:d=7  hl=2 l=   1 prim: BOOLEAN           :0
+ 1357:d=7  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0
+ 1363:d=1  hl=2 l=  13 cons: SEQUENCE          
+ 1365:d=2  hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption
+ 1376:d=2  hl=2 l=   0 prim: NULL              
+ 1378:d=1  hl=4 l= 257 prim: BIT STRING        
 Test complete (69 combinations).
diff --git a/tests/003-csrgen/run.sh b/tests/003-csrgen/run.sh
index 9a1c027..67b1206 100755
--- a/tests/003-csrgen/run.sh
+++ b/tests/003-csrgen/run.sh
@@ -5,7 +5,7 @@ cd "$tmpdir"
 source "$srcdir"/functions
 initnssdb "$tmpdir"
 
-for size in 512 1024 1536 2048 3072 4096 ; do
+for size in 1024 1536 2048 3072 4096 ; do
 	# Build a self-signed certificate.
 	run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
 		-s "cn=T$size" -c "cn=T$size" \
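Review bot: nothing at the `for size in 1024 1536 2048 3072 4096` line records why 512 was removed while 1024 and 1536 stay in the list. A one-line comment above the loop naming the constraint (library minimum, policy, or test runtime) would tell the next editor whether 1024 is kept deliberately.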
@@ -298,7 +298,7 @@ for ns_certtype in "" client server email objsign reserved sslca emailca objca c
 done
 ns_certtype=
 
-size=512
+size=2048
 subject="CN=Babs Jensen"
 hostname=localhost,localhost.localdomain
 email=root at localhost,root at localhost.localdomain
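Review bot: `size=2048` sets a different floor from the loop at the top of this script, which still starts at 1024, so the file now carries two unrelated minimums. If 2048 is the intended size for the requests generated after this point, say so in a comment next to the assignment, or take the value from a single variable shared with the loop.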
diff --git a/tests/004-selfsign-rsa/expected.out b/tests/004-selfsign-rsa/expected.out
index c50bd2e..dd5029e 100644
--- a/tests/004-selfsign-rsa/expected.out
+++ b/tests/004-selfsign-rsa/expected.out
@@ -1,4 +1,3 @@
-512 OK.
 1024 OK.
 1536 OK.
 2048 OK.
diff --git a/tests/004-selfsign-rsa/run.sh b/tests/004-selfsign-rsa/run.sh
index 8788bdb..6f9285b 100755
--- a/tests/004-selfsign-rsa/run.sh
+++ b/tests/004-selfsign-rsa/run.sh
@@ -33,7 +33,7 @@ function setupca() {
 	EOF
 }
 
-for size in 512 1024 1536 2048 3072 4096 ; do
+for size in 1024 1536 2048 3072 4096 ; do
 	# Build a self-signed certificate.
 	run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
 		-s "cn=T$size" -c "cn=T$size" \
diff --git a/tests/004-selfsign/expected.out b/tests/004-selfsign/expected.out
index c50bd2e..dd5029e 100644
--- a/tests/004-selfsign/expected.out
+++ b/tests/004-selfsign/expected.out
@@ -1,4 +1,3 @@
-512 OK.
 1024 OK.
 1536 OK.
 2048 OK.
diff --git a/tests/004-selfsign/run.sh b/tests/004-selfsign/run.sh
index 7b2ee43..7bb368e 100755
--- a/tests/004-selfsign/run.sh
+++ b/tests/004-selfsign/run.sh
@@ -43,7 +43,7 @@ function setupca() {
 	EOF
 }
 
-for size in 512 1024 1536 2048 3072 4096 ; do
+for size in 1024 1536 2048 3072 4096 ; do
 	# Build a self-signed certificate.
 	run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
 		-s "cn=T$size" -c "cn=T$size" \
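Review bot: the `for size in 1024 1536 2048 3072 4096` line here is the third identical edit in this patch (003-csrgen, 004-selfsign-rsa, 004-selfsign), and the two 004 expected.out files move between the same blob ids (`c50bd2e..dd5029e`). 003-csrgen/run.sh already sources `"$srcdir"/functions`; defining the size list once there would turn the next change of minimum key size into a one-line edit and keep the copies from drifting apart.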

commit b6c395c7860336c2b0a8e1f00c0407c2c05dbafb
Author: Nalin Dahyabhai <nalin at redhat.com>
Date:   Tue Oct 27 16:49:04 2015 -0400

    Document dogtag-ipa-renew-agent-submit's -t flag
    
    Mention the -t flag in the man page for dogtag-ipa-renew-agent-submit,
    to keep it in line with vanilla dogtag-submit.
    
    At this point, the only things left that we don't note in the page for
    dogtag-ipa-renew-agent-submit should be options related to how the tool
    authenticates to the server, but since using IPA-agent-specific default
    authentication settings is the point of having
    dogtag-ipa-renew-agent-submit, that should be okay.

diff --git a/src/certmonger-dogtag-ipa-renew-agent-submit.8.in b/src/certmonger-dogtag-ipa-renew-agent-submit.8.in
index 3863b2a..65dc4fb 100644
--- a/src/certmonger-dogtag-ipa-renew-agent-submit.8.in
+++ b/src/certmonger-dogtag-ipa-renew-agent-submit.8.in
@@ -19,6 +19,7 @@ dogtag-ipa-renew-agent-submit -E EE-URL -A AGENT-URL
 [-T profile]
 [-O param=value]
 [-N | -R]
+[-t]
 [-o option=value]
 [-v]
 [csrfile]
@@ -146,6 +147,10 @@ The default behavior is to request a renewal if possible.
 \fB-R\fR
 Negates the effect of the \fB-N\fR flag.
 .TP
+\fB-t\fR
+Instead of attempting to obtain a new certificate, query the server for a list
+of the enabled enrollment profiles.
+.TP
 \fB-o\fR param=value
 When initially submitting a request to the CA, add the specified parameter and
 value along with any request parameters which would otherwise be sent.  This
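Review bot: the new `\fB-t\fR` entry says the helper queries the server for the enabled enrollment profiles, but not where the list is written or which of the other arguments still apply in that mode. Add a sentence on the output and on whether `csrfile` and `-T` are ignored when `-t` is given; the synopsis hunk above lists `[-t]` as just another optional flag next to `[csrfile]`.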
diff --git a/src/certmonger-dogtag-submit.8.in b/src/certmonger-dogtag-submit.8.in
index 3a8fc87..260c9a6 100644
--- a/src/certmonger-dogtag-submit.8.in
+++ b/src/certmonger-dogtag-submit.8.in
@@ -19,6 +19,7 @@ dogtag-submit -E EE-URL -A AGENT-URL
 [-T profile]
 [-O param=value]
 [-N | -R]
+[-t]
 [-o option=value]
 [-a ]
 [-u username]
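Review bot: `[-t]` is added to the dogtag-submit synopsis here, but this commit has no hunk adding a `\fB-t\fR` entry to the option list of this page, and the commit message mentions only dogtag-ipa-renew-agent-submit. Confirm that the option list already describes `-t`; if it does not, carry over the entry added to the other page.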
@@ -90,7 +91,7 @@ A cookie value provided by a previous instance of this helper, if the helper
 is being asked to continue a multi-step enrollment process.  If the
 \fICERTMONGER_COOKIE\fR environment variable is set, its value is used.
 .TP
-\fB-T\fR profile
+\fB-T\fR profile/template
 The name of the type of certificate which the client should request from the CA
 if it is not renewing a certificate (per the \fB-s\fR option above).  If the
 \fICERTMONGER_CA_PROFILE\fR environment variable is set, its value is used.
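Review bot: the heading becomes `\fB-T\fR profile/template`, but the synopsis in the previous hunk of this file still reads `[-T profile]`, as does the synopsis of dogtag-ipa-renew-agent-submit. Use one spelling in both places, and mention the rename in the commit message, which currently covers only `-t`.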

commit e787075c66c93653ff0d2f607908e2004331bca1
Author: Nalin Dahyabhai <nalin at redhat.com>
Date:   Tue Oct 27 16:41:09 2015 -0400

    Document -R/-N/-o in dogtag-ipa-renew-agent-submit
    
    Add notes about the -R, -N, and -o flags to the man page for
    dogtag-ipa-renew-agent-submit.
    
    It's really just a version of dogtag-submit with different defaults
    compiled in, and that should already be reflected in the --help output,
    but overriding key behaviors while still using those defaults can be a
    useful thing in troubleshooting situations, so we should document them.
    Heads-up from Marco Rhodes.

diff --git a/src/certmonger-dogtag-ipa-renew-agent-submit.8.in b/src/certmonger-dogtag-ipa-renew-agent-submit.8.in
index 481e396..3863b2a 100644
--- a/src/certmonger-dogtag-ipa-renew-agent-submit.8.in
+++ b/src/certmonger-dogtag-ipa-renew-agent-submit.8.in
@@ -1,4 +1,4 @@
-.TH certmonger 8 "18 Nov 2014" "certmonger Manual"
+.TH certmonger 8 "27 Oct 2015" "certmonger Manual"
 
 .SH NAME
 dogtag-ipa-renew-agent-submit
@@ -18,6 +18,8 @@ dogtag-ipa-renew-agent-submit -E EE-URL -A AGENT-URL
 [-S state]
 [-T profile]
 [-O param=value]
+[-N | -R]
+[-o option=value]
 [-v]
 [csrfile]
 
@@ -134,6 +136,21 @@ settings are applied.  This option can be used either to override a
 server-supplied default setting, or to supply one which would otherwise have
 not been used.
 .TP
+\fB-N\fR
+Even if an already-issued certificate is available in the
+\fICERTMONGER_CERTIFICATE\fR environment variable, or a serial number has been
+provided, don't attempt to renew a certificate using its serial number.
+Instead, attempt to obtain a new certificate using the signing request.
+The default behavior is to request a renewal if possible.
+.TP
+\fB-R\fR
+Negates the effect of the \fB-N\fR flag.
+.TP
+\fB-o\fR param=value
+When initially submitting a request to the CA, add the specified parameter and
+value along with any request parameters which would otherwise be sent.  This
+option is not typically used.
+.TP
 \fB-v\fR
 Increases the logging level.  Use twice for more logging.  This option is mainly
 useful for troubleshooting.
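Review bot: the new entry is headed `\fB-o\fR param=value` while the synopsis hunk in the same file adds `[-o option=value]`, and `param=value` is already the placeholder used for `-O`. Use `option=value` in the entry so the two options cannot be confused, and describe what a typical parameter looks like, since "not typically used" gives someone troubleshooting nothing to work from.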
diff --git a/src/certmonger-dogtag-submit.8.in b/src/certmonger-dogtag-submit.8.in
index 54cd1b1..3a8fc87 100644
--- a/src/certmonger-dogtag-submit.8.in
+++ b/src/certmonger-dogtag-submit.8.in
@@ -1,4 +1,4 @@
-.TH certmonger 8 "13 Apr 2015" "certmonger Manual"
+.TH certmonger 8 "27 Oct 2015" "certmonger Manual"
 
 .SH NAME
 dogtag-submit
@@ -108,6 +108,7 @@ Even if an already-issued certificate is available in the
 \fICERTMONGER_CERTIFICATE\fR environment variable, or a serial number has been
 provided, don't attempt to renew a certificate using its serial number.
 Instead, attempt to obtain a new certificate using the signing request.
+The default behavior is to request a renewal if possible.
 .TP
 \fB-R\fR
 Negates the effect of the \fB-N\fR flag.


