[Pki-devel] [PATCH] pki-cfu-0045-Ticket-1028-phase2-TPS-rewrite-provide-externalReg-f.patch

Christina Fu cfu at redhat.com
Tue Apr 14 23:47:38 UTC 2015


pushed to master
commit 711d3ca66b6702a33839c3a436550464fa49d0d8

On 04/14/2015 04:35 PM, John Magne wrote:
> ACK
>
> The main thrust of this appears to be the recovery by key case.
>
> If all this has been tested good to go, except one minor typo I found here:
>
>
> +                if (1<3) {
> +                    erCert.setIsRetainable(true);
> +                }
>                   erAttrs.addCertToRecover(erCert);
>
> Of course we must mean i < 3 . Also put a quick comment that this is
> for the "cert retention" feature in the next phase.
>
>
> ----- Original Message -----
> From: "Christina Fu" <cfu at redhat.com>
> To: pki-devel at redhat.com
> Sent: Friday, April 10, 2015 4:18:26 PM
> Subject: [Pki-devel] [PATCH]	pki-cfu-0045-Ticket-1028-phase2-TPS-rewrite-provide-externalReg-f.patch
>
> Please review.
>
> This patch is the 2nd phase of the externalReg feature, it makes the
> following improvements:
> * added feature: recovery by keyid (v.s. by cert)
> * fixed some auditing message errors
> * added some missing ldapStringAttributes needed for delegation to work
> properly
> * added missing externalReg required config parameters
> * made corrections to some externalReg related parameters to allow
> delegation to work properly
> * added handle of some error cases
> * made sure externalReg enrollment does not go half-way (once fails,
> bails out)
>
> tested:
> * enrollment of the three default TPS profiles (tokenTypes)
> * format of the tokens enrolled with the three default tps profiles
> * delegation enrollments
> * cuid match check
>
> next phase:
> * cert/key retention (allow preserving existing certs/keys on the token)
>
> note:
> * some of the activity log and cert status related issues that are not
> specifically relating to externalReg will be addressed in other more
> relevant tickets.
>
> thanks,
> Christina
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel




More information about the Pki-devel mailing list