[Freeipa-devel] [PATCHES] 295-299 Allow changing chaining of the IPA CA certificate

Jan Cholasta jcholast at redhat.com
Thu Jul 3 18:07:49 UTC 2014


On 2.7.2014 19:37, Jan Cholasta wrote:
> On 2.7.2014 19:08, Rob Crittenden wrote:
>> Trimming to respond to your questions.
>>>> Not sure if this is related:
>>>> # pki cert-find
>>>> PKIException: Internal Server Error
>>
>> I'm pretty sure the cert-find error is related to the fact that I had a
>> test build of dogtag installed, so that can be ignored.
>
> It does not work for me either, with the current F20 dogtag packages,
> but like I said, it worked some time ago.

Still haven't figured this out, unfortunately.

Added patches 304 and 305 to fix /etc/ipa/ca.crt not having all the CA 
certificates on master.

Updated rebased patches attached. The correct order to apply is 295-294, 
303-305, 295-299.

-- 
Jan Cholasta
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-241.6-Add-function-for-checking-if-certificate-is-self-sig.patch
Type: text/x-patch
Size: 895 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-242.6-Support-CA-certificate-renewal-in-dogtag-ipa-ca-rene.patch
Type: text/x-patch
Size: 3220 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-243.6-Allow-IPA-master-hosts-to-update-CA-certificate-in-L.patch
Type: text/x-patch
Size: 1077 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-244.6-Automatically-update-CA-certificate-in-LDAP-on-renew.patch
Type: text/x-patch
Size: 2383 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-245.6-Track-CA-certificate-using-dogtag-ipa-ca-renew-agent.patch
Type: text/x-patch
Size: 5097 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0004.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-246.6-Add-method-for-setting-CA-renewal-master-in-LDAP-to-.patch
Type: text/x-patch
Size: 2471 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0005.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-247.6-Provide-additional-functions-to-ipapython.certmonger.patch
Type: text/x-patch
Size: 2097 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0006.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-248.6-Move-external-cert-validation-from-ipa-server-instal.patch
Type: text/x-patch
Size: 5954 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0007.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-249.6-Add-method-for-verifying-CA-certificates-to-NSSDatab.patch
Type: text/x-patch
Size: 2034 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0008.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-250.6-Add-permissions-for-CA-certificate-renewal.patch
Type: text/x-patch
Size: 4088 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0009.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-251.6-Add-CA-certificate-management-tool-ipa-cacert-manage.patch
Type: text/x-patch
Size: 17035 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0010.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-252.6-Alert-user-when-externally-signed-CA-is-about-to-exp.patch
Type: text/x-patch
Size: 1711 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0011.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-253.6-Load-sysupgrade.state-on-demand.patch
Type: text/x-patch
Size: 1341 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0012.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-262.5-Pick-new-CA-renewal-master-when-deleting-a-replica.patch
Type: text/x-patch
Size: 3778 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0013.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-263.4-Remove-master-ACIs-when-deleting-a-replica.patch
Type: text/x-patch
Size: 2614 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0014.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-264.4-Do-not-use-ldapi-in-certificate-renewal-scripts.patch
Type: text/x-patch
Size: 12106 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0015.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-265.4-Check-that-renewed-certificates-coming-from-LDAP-are.patch
Type: text/x-patch
Size: 2898 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0016.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-266.3-Allow-IPA-master-hosts-to-read-and-update-IPA-master.patch
Type: text/x-patch
Size: 3191 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0017.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-267.3-Do-not-treat-the-IPA-RA-cert-as-CA-cert-in-DS-NSS-da.patch
Type: text/x-patch
Size: 3574 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0018.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-268.3-Remove-certificate-External-CA-cert-from-etc-pki-nss.patch
Type: text/x-patch
Size: 1511 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0019.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-269.3-Allow-specifying-trust-flags-in-NSSDatabase-and-Cert.patch
Type: text/x-patch
Size: 1986 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0020.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-270.3-Fix-trust-flags-in-HTTP-and-DS-NSS-databases.patch
Type: text/x-patch
Size: 9990 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0021.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-271.3-Add-LDAP-schema-for-wrapped-cryptographic-keys.patch
Type: text/x-patch
Size: 3725 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0022.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-272.3-Add-LDAP-schema-for-certificate-store.patch
Type: text/x-patch
Size: 3425 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0023.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-273.3-Add-container-for-certificate-store.patch
Type: text/x-patch
Size: 1852 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0024.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-274.3-Configure-attribute-uniqueness-for-certificate-store.patch
Type: text/x-patch
Size: 2379 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0025.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-275.3-Add-permissions-for-certificate-store.patch
Type: text/x-patch
Size: 13369 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0026.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-276.3-Add-functions-for-extracting-certificates-fields-in-.patch
Type: text/x-patch
Size: 3376 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0027.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-277.3-Add-function-for-extracting-extended-key-usage-from-.patch
Type: text/x-patch
Size: 1752 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0028.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-278.3-Add-certificate-store-module-ipalib.certstore.patch
Type: text/x-patch
Size: 14520 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0029.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-279.3-Upload-CA-chain-from-DS-NSS-database-to-certificate-.patch
Type: text/x-patch
Size: 3206 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0030.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-280.3-Upload-CA-chain-from-DS-NSS-database-to-certificate-.patch
Type: text/x-patch
Size: 3815 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0031.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-281.3-Rename-CertDB-method-add_cert-to-import_cert.patch
Type: text/x-patch
Size: 1684 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0032.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-282.3-Add-new-add_cert-method-for-adding-certificates-to-N.patch
Type: text/x-patch
Size: 3420 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0033.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-283.3-Import-CA-certs-from-certificate-store-to-DS-NSS-dat.patch
Type: text/x-patch
Size: 3020 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0034.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-284.3-Import-CA-certs-from-certificate-store-to-HTTP-NSS-d.patch
Type: text/x-patch
Size: 1599 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0035.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-285.3-Upload-renewed-CA-cert-to-certificate-store-on-renew.patch
Type: text/x-patch
Size: 1616 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0036.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-286.3-Refactor-CA-certificate-fetching-code-in-ipa-client-.patch
Type: text/x-patch
Size: 7364 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0037.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-287.3-Support-multiple-CA-certificates-in-etc-ipa-ca.crt-i.patch
Type: text/x-patch
Size: 11021 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0038.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-288.3-Add-function-for-writing-list-of-certificates-to-a-P.patch
Type: text/x-patch
Size: 3612 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0039.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-289.3-Get-CA-certs-for-etc-ipa-ca.crt-from-certificate-sto.patch
Type: text/x-patch
Size: 4372 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0040.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-290.3-Allow-overriding-NSS-database-path-in-RPCClient.patch
Type: text/x-patch
Size: 1705 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0041.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-291.3-Get-CA-certs-for-etc-pki-nssdb-from-certificate-stor.patch
Type: text/x-patch
Size: 10849 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0042.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-292.3-Add-functions-for-DER-encoding-certificate-extension.patch
Type: text/x-patch
Size: 1790 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0043.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-293.3-Get-CA-certs-for-system-wide-store-from-cert-store-i.patch
Type: text/x-patch
Size: 10220 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0044.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-294.3-Get-up-to-date-CA-certificates-from-certificate-stor.patch
Type: text/x-patch
Size: 3398 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0045.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-295.3-Add-new-NSSDatabase-method-get_cert-for-getting-cert.patch
Type: text/x-patch
Size: 1467 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0046.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-296.3-Allow-changing-chaining-of-the-IPA-CA-certificate-in.patch
Type: text/x-patch
Size: 5793 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0047.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-297.3-Update-CS.cfg-on-IPA-CA-certificate-chaining-change-.patch
Type: text/x-patch
Size: 3230 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0048.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-298.3-Allow-adding-CA-certificates-to-certificate-store-in.patch
Type: text/x-patch
Size: 5907 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0049.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-299.3-Allow-upgrading-CA-less-to-CA-full-using-ipa-ca-inst.patch
Type: text/x-patch
Size: 15852 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0050.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-303.1-Add-client-certificate-update-tool-ipa-certupdate.patch
Type: text/x-patch
Size: 12216 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0051.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-304-Export-full-CA-chain-to-etc-ipa-ca.crt-in-ipa-server.patch
Type: text/x-patch
Size: 1105 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0052.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-305-Allow-multiple-CA-certificates-in-replica-info-files.patch
Type: text/x-patch
Size: 1478 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140703/4b04bce2/attachment-0053.bin>

