Re: [Pki-devel] [pki-devel][PATCH] 0083-PIN_RESET-policy-is-not-giving-expected-results-when.patch

2016-10-19 Thread Christina Fu

code looks fine.  If tested to work, ACK.

Christina


On 10/18/2016 07:02 PM, John Magne wrote:

PIN_RESET policy is not giving expected results when set on a token.
 
 Simple fix to actually honor the PIN_RESET=or policy for a given token.

Minor logging improvements added as well for this error condition.
 
 Ticket #2510.





___
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel



Re: [Pki-devel] Karma Requests for pki-core-10.3.5-7 and pki-console-10.3.5-2

2016-10-19 Thread Matthew Harmsen

On 10/11/2016 01:12 PM, Matthew Harmsen wrote:
*The following updated candidate builds of pki-core 10.3.5 and pki-console 10.3.5 were generated:*

  * *Fedora 24*
      o pki-core-10.3.5-7.fc24
      o pki-console-10.3.5-2.fc24
  * *Fedora 25*
      o pki-core-10.3.5-7.fc25
      o pki-console-10.3.5-2.fc25
  * *Fedora 26*
      o pki-core-10.3.5-7.fc26 (still working on build issues encountered on rawhide)
      o pki-console-10.3.5-2.fc26

*Additionally, the CentOS 7 COPR EPEL Builds of Dogtag 10.3.3 were 
also updated:*


  * https://copr.fedorainfracloud.org/coprs/g/pki/epel-7.3/repo/epel-7/group_pki-epel-7.3-epel-7.repo

[group_pki-epel-7.3]
name=Copr repo for epel-7.3 owned by @pki
baseurl=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.3/epel-7-$basearch/
type=rpm-md
skip_if_unavailable=True
gpgcheck=1
gpgkey=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.3/pubkey.gpg
repo_gpgcheck=0
enabled=1
enabled_metadata=1

*These builds address the following PKI tickets:*

  * PKI TRAC Ticket #1527 - TPS Enrollment always goes to "ca1" (cfu)
  * PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single user on multiple tokens. (jmagne)
  * PKI TRAC Ticket #2463 - Troubleshooting improvements (edewata)
      o potentially more to come in future releases
  * PKI TRAC Ticket #2466 - two-step externally-signed CA installation fails due to missing AuthorityID (ftweedal)
  * PKI TRAC Ticket #2475 - Multiple host authority entries created (ftweedal)
  * PKI TRAC Ticket #2476 - Dogtag Miscellaneous Minor Changes (edewata)
      o potentially more to come in future releases
  * PKI TRAC Ticket #2478 - pkispawn fails as it is not able to find openssl as a dependency package (mharmsen)
  * PKI TRAC Ticket #2483 - Unable to read an encrypted email using renewed tokens (jmagne)
  * PKI TRAC Ticket #2496 - Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches (cfu)
  * PKI TRAC Ticket #2497 - KRA installation failed against externally-signed CA with partial certificate chain (edewata)
  * PKI TRAC Ticket #2505 - Fix packaging duplicates of classes in multiple jar files (edewata)



*Please provide Karma for the following builds:*

  * *Fedora 24*
      o https://bodhi.fedoraproject.org/updates/FEDORA-2016-76fae7b25f pki-core-10.3.5-7.fc24
      o https://bodhi.fedoraproject.org/updates/FEDORA-2016-a9e6c42783 pki-console-10.3.5-2.fc24
  * *Fedora 25*
      o https://bodhi.fedoraproject.org/updates/FEDORA-2016-3496056579 pki-core-10.3.5-7.fc25
      o https://bodhi.fedoraproject.org/updates/FEDORA-2016-70b3b8b697 pki-console-10.3.5-2.fc25




Re: [Pki-devel] [pki-devel][PATCH] 0082-Cert-Key-recovery-is-successful-when-the-cert-serial.patch

2016-10-19 Thread John Magne
Pushed to master:

commit 9090451aa9f1a2dfcef8b852bb1e1d13d270098d
Author: Jack Magne 
Date:   Tue Oct 18 15:08:44 2016 -0700

    Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches

    Fixes this bug #1381375.
    The portion this patch fixes involves URL encoding glitch we encountered when recovering keys using the "by cert" method.

    Also this bug addresses:

    Bug 1379379 - Unable to read an encrypted email using renewed tokens
    The URL encoding problem was affecting the proper verification of this bug.

    and

    Bug 1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued

    The URI encoding was also making this bug appear to fail more than it should have.
    There is also a minor fix to the feature that makes sure it works.

    This small fix is in TPSEngine.java where the constant for GenerateNewAndRecoverLast scheme is declared.

----- Original Message -----
From: "Christina Fu"
To: pki-devel@redhat.com
Sent: Tuesday, October 18, 2016 4:24:08 PM
Subject: Re: [Pki-devel] [pki-devel][PATCH] 0082-Cert-Key-recovery-is-successful-when-the-cert-serial.patch



If tested to work for all cases, ACK. 

Christina 

On 10/18/2016 03:22 PM, John Magne wrote: 



Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches

Fixes this bug #1381375.
The portion this patch fixes involves URL encoding glitch we encountered when recovering keys using the "by cert" method.

Also this bug addresses:

Bug 1379379 - Unable to read an encrypted email using renewed tokens
The URL encoding problem was affecting the proper verification of this bug.

and

Bug 1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued

The URI encoding was also making this bug appear to fail more than it should have.
There is also a minor fix to the feature that makes sure it works.

This small fix is in TPSEngine.java where the constant for GenerateNewAndRecoverLast scheme is declared.




Re: [Pki-devel] [PATCH] 844 Fixed CryptoUtil.getTokenName().

2016-10-19 Thread Endi Sukma Dewata

On 10/18/2016 11:34 AM, Christina Fu wrote:

Code looks good.  ACK if tested to work in both FIPS and non-FIPS, with
or without HSM.

Might be a future exercise to find out where the string "Internal Key
Storage Token" comes from.

Christina


Thanks! It works in the above cases. The patch has already been pushed 
to master.


--
Endi S. Dewata
