[Freeipa-devel] [PATCHES] 172-196 Refactor certificate renewal code

Jan Cholasta jcholast at redhat.com
Wed Mar 19 13:33:12 UTC 2014


On 13.3.2014 13:41, Jan Cholasta wrote:
> On 12.3.2014 19:59, Petr Viktorin wrote:
>> Certmonger is not configured/started in CA-less installs.
>
> That's expected.
>
>>
>> I tested fresh installs and upgrades; renewals work fine for me.
>>
>> 161-184 look OK
>>
>> 185: one more nitpick:
>>      cert = entry['usercertificate'][0]
>> Shouldn't that use entry.single_value?
>
> I did not feel like changing this, because this is used in the original
> code and the userCertificate LDAP attribute is multi-value.
>
>>
>> 186-189 look OK
>>
>> 190: Is
>>      fqdn = entries[0].dn[1].value
>>      return api.env.host == fqdn
>> safe? Can they differ in case, for example?
>
> I guess so, will fix.
>
>>
>> 191-196 look OK
>>
>>> Note that patches 178 & 179 were already pushed. Also, patch 190 was
>>> changed to store information about which CA instance is master in LDAP.

Updated patches attached.

Note that I changed the path for CSR export to /var/lib/ipa/ca.csr to 
make it more SELinux-friendly (not in the policy yet, see 
<https://bugzilla.redhat.com/show_bug.cgi?id=1077689>).

-- 
Jan Cholasta
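The review point on patch 190 above (whether `api.env.host == entries[0].dn[1].value` is safe when the stored FQDN differs in case) is worth illustrating. The following is an added example, not code from the patches or from FreeIPA. It assumes the master entry's DN has the form `cn=CA,cn=<fqdn>,cn=masters,cn=ipa,cn=etc,<suffix>`, so that the second RDN (index 1) carries the server's FQDN; the DN is a constructed sample and `dn_rdn_values`, `normalize_hostname`, `hostnames_match` and `is_local_host_master` are illustrative helpers, not FreeIPA API.

```python
"""Case-insensitive FQDN comparison for the 'is this host the CA master' check.

DNS names are case-insensitive and a trailing dot only marks an absolute
name, so comparing the local hostname with a value read from LDAP must
normalise both sides before testing equality.
"""

# Constructed sample: the FQDN was stored in mixed case by another tool.
SAMPLE_MASTER_DN = "cn=CA,cn=IPA.Example.COM,cn=masters,cn=ipa,cn=etc,dc=example,dc=com"


def dn_rdn_values(dn):
    """Split a DN string into (attribute, value) pairs, honouring backslash
    escapes so that an escaped comma inside a value does not split the RDN.

    Index 0 is the leftmost (most specific) RDN, mirroring entry.dn[i].
    """
    rdns = []
    buf = []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i + 1])  # keep the escaped character literally
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf))

    pairs = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def normalize_hostname(name):
    """Canonical form for comparing DNS names: lower-case, no trailing dot."""
    return name.strip().rstrip(".").lower()


def hostnames_match(a, b):
    """True when two DNS names refer to the same host regardless of case."""
    return normalize_hostname(a) == normalize_hostname(b)


def is_local_host_master(master_dn, local_host):
    """Case-tolerant replacement for `api.env.host == entries[0].dn[1].value`.

    Raises ValueError if the DN does not have the assumed cn=CA,cn=<fqdn>,...
    layout, rather than silently returning False.
    """
    rdns = dn_rdn_values(master_dn)
    if len(rdns) < 2 or rdns[1][0] != "cn":
        raise ValueError("unexpected master entry DN: %s" % master_dn)
    return hostnames_match(local_host, rdns[1][1])


if __name__ == "__main__":
    stored = dn_rdn_values(SAMPLE_MASTER_DN)[1][1]
    print("naive comparison:", "ipa.example.com" == stored)
    print("normalised comparison:", is_local_host_master(SAMPLE_MASTER_DN, "ipa.example.com"))
```

The naive comparison returns False for the sample DN because the stored value is `IPA.Example.COM`; the normalised check returns True, and it also tolerates an absolute name such as `ipa.example.com.`.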
-------------- next part --------------
Attachments (all text/x-patch; scrubbed by the archive, names and sizes as listed):

freeipa-jcholast-172.2-Move-CACERT-definition-to-a-single-place.patch (13423 bytes)
  <http://listman.redhat.com/archives/freeipa-devel/attachments/20140319/6275d1f8/attachment.bin>
freeipa-jcholast-173.2-Do-not-create-CA-certificate-files-in-CA-less-server.patch (1928 bytes)
  <http://listman.redhat.com/archives/freeipa-devel/attachments/20140319/6275d1f8/attachment-0001.bin>
freeipa-jcholast-174.2-Use-LDAP-API-to-upload-CA-certificate-instead-of-lda.patch (2811 bytes)
  <http://listman.redhat.com/archives/freeipa-devel/attachments/20140319/6275d1f8/attachment-0002.bin>
freeipa-jcholast-175.2-Upload-CA-certificate-from-DS-NSS-database-in-CA-les.patch (3169 bytes)
  <http://listman.redhat.com/archives/freeipa-devel/attachments/20140319/6275d1f8/attachment-0003.bin>
freeipa-jcholast-176.2-Remove-unused-method-export_ca_cert-of-dsinstance.patch (979 bytes)
  <http://listman.redhat.com/archives/freeipa-devel/attachments/20140319/6275d1f8/attachment-0004.bin>
freeipa-jcholast-177.2-Show-progress-when-enabling-SSL-in-DS-in-ipa-server-.patch (3276 bytes)
  <http://listman.redhat.com/archives/freeipa-devel/attachments/20140319/6275d1f8/attachment-0005.bin>
freeipa-jcholast-180.2-Use-certmonger-D-Bus-API-to-configure-certmonger-in-.patch (4923 bytes)
  <http://listman.redhat.com/archives/freeipa-devel/attachments/20140319/6275d1f8/attachment-0006.bin>
freeipa-jcholast-181.2-Add-new-certmonger-CA-helper-dogtag-ipa-ca-renew-age.patch (4170 bytes)
  <http://listman.redhat.com/archives/freeipa-devel/attachments/20140319/6275d1f8/attachment-0007.bin>
freeipa-jcholast-182.2-Update-pkcs10-module-functions-to-always-load-CSRs-a.patch (5484 bytes)
  <http://listman.redhat.com/archives/freeipa-devel/attachments/20140319/6275d1f8/attachment-0008.bin>
freeipa-jcholast-183.2-Remove-unused-function-get_subjectaltname-from-the-c.patch (1324 bytes)
  <http://listman.redhat.com/archives/freeipa-devel/attachments/20140319/6275d1f8/attachment-0009.bin>
freeipa-jcholast-184.2-Add-function-for-parsing-friendly-name-from-certific.patch (2869 bytes)
  <http://listman.redhat.com/archives/freeipa-devel/attachments/20140319/6275d1f8/attachment-0010.bin>
freeipa-jcholast-185.2-Support-retrieving-renewed-certificates-from-LDAP-in.patch (3515 bytes)
  <http://listman.redhat.com/archives/freeipa-devel/attachments/20140319/6275d1f8/attachment-0011.bin>
freeipa-jcholast-186.2-Use-dogtag-ipa-ca-renew-agent-to-retrieve-renewed-ce.patch (5177 bytes)
  <http://listman.redhat.com/archives/freeipa-devel/attachments/20140319/6275d1f8/attachment-0012.bin>
freeipa-jcholast-187.2-Remove-dogtag-ipa-retrieve-agent-submit.patch (4906 bytes)
  <http://listman.redhat.com/archives/freeipa-devel/attachments/20140319/6275d1f8/attachment-0013.bin>
freeipa-jcholast-188.2-Support-storing-renewed-certificates-to-LDAP-in-dogt.patch (5516 bytes)
  <http://listman.redhat.com/archives/freeipa-devel/attachments/20140319/6275d1f8/attachment-0014.bin>
freeipa-jcholast-189.2-Use-dogtag-ipa-ca-renew-agent-to-track-certificates-.patch (13042 bytes)
  <http://listman.redhat.com/archives/freeipa-devel/attachments/20140319/6275d1f8/attachment-0015.bin>
freeipa-jcholast-190.2-Store-information-about-which-CA-server-is-master-in.patch (5346 bytes)
  <http://listman.redhat.com/archives/freeipa-devel/attachments/20140319/6275d1f8/attachment-0016.bin>
freeipa-jcholast-191.2-Make-the-default-dogtag-ipa-ca-renew-agent-behavior-.patch (2858 bytes)
  <http://listman.redhat.com/archives/freeipa-devel/attachments/20140319/6275d1f8/attachment-0017.bin>
freeipa-jcholast-192.2-Merge-restart_pkicad-functionality-to-renew_ca_cert-.patch (7777 bytes)
  <http://listman.redhat.com/archives/freeipa-devel/attachments/20140319/6275d1f8/attachment-0018.bin>
freeipa-jcholast-193.2-Merge-restart_httpd-functionality-to-renew_ra_cert.patch (2238 bytes)
  <http://listman.redhat.com/archives/freeipa-devel/attachments/20140319/6275d1f8/attachment-0019.bin>
freeipa-jcholast-194.2-Use-the-same-certmonger-configuration-for-both-CA-ma.patch (9618 bytes)
  <http://listman.redhat.com/archives/freeipa-devel/attachments/20140319/6275d1f8/attachment-0020.bin>
freeipa-jcholast-195.2-Update-certmonger-configuration-in-ipa-upgradeconfig.patch (7235 bytes)
  <http://listman.redhat.com/archives/freeipa-devel/attachments/20140319/6275d1f8/attachment-0021.bin>
freeipa-jcholast-196.2-Support-exporting-CSRs-in-dogtag-ipa-ca-renew-agent.patch (1745 bytes)
  <http://listman.redhat.com/archives/freeipa-devel/attachments/20140319/6275d1f8/attachment-0022.bin>