Re: [Pki-devel] [pki-devel][PATCH]
Verbally discussed issue with cfu, was given cond ack upon fixing the issue: Issue has been fixed, checked into master. commit cdb8d2f7a3655b4ba97b70a9460721e0d2d8afe7 Author: Jack MagneDate: Tue Nov 15 17:37:07 2016 -0800 Change lifecycle at end of enrollment if it is not already set. TPS throws "err=6" when attempting to format and enroll G Cards. https://bugzilla.redhat.com/show_bug.cgi?id=1320283 This fix addresses this bug , but also: Fixes this issue: Applet upgrade during rekey operation results in formatted token. Also, it takes care of a related issue where the new apdu needed for the lifecycle state causes the testing tool "tpslcient" to seg fault. The fix here is a minimal fix to have tpsclient return an error when it gets this apdu it can't handle, instead of crashing. Closed ticket # 2544 - Original Message - > From: "Christina Fu" > To: pki-devel@redhat.com > Sent: Wednesday, November 16, 2016 6:25:49 PM > Subject: Re: [Pki-devel] [pki-devel][PATCH] > > > > I compared this patch with the original C patch. There was a check in C that > does not exist in your Java patch: > 1019 > if(data.size() != 3){ > > 1020 > lifecycle = 0xf0; > > 1021 > RA::Error(LL_PER_PDU, "RA_Processor::GetLifecycle", "apdu response is the > wrong size, the size is: %x", data.size()); > > 1022 > goto loser; > > 1023 > } > > Why does it not apply in Java? > > Thanks, > Christina > > On 11/15/2016 06:20 PM, John Magne wrote: > > > > Ticket: TPS throws "err=6" when attempting to format and e : > https://fedorahosted.org/pki/ticket/2544 Fix tested on standard card, it > does what it is supposed to do. It checks first to make sure the lifecycle > state needs to be changed before attempting to do so. This will prevent any > cards that return an error when > one tries to over write the value with the same value it had before. > > > ___ > Pki-devel mailing list Pki-devel@redhat.com > https://www.redhat.com/mailman/listinfo/pki-devel > > > ___ > Pki-devel mailing list > Pki-devel@redhat.com > https://www.redhat.com/mailman/listinfo/pki-devel ___ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel
[Pki-devel] [PATCH] 876 Updated pki-cert man page.
The pki-cert man page has been updated to clarify that certain profiles may require authentication and the CLI supports certain authentication types. https://fedorahosted.org/pki/ticket/2289 Pushed to master under trivial/one-liner rule. -- Endi S. Dewata >From 52694cd6acf81446623b6d24947d8d3afdc8536c Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata"Date: Tue, 22 Nov 2016 19:29:58 +0100 Subject: [PATCH] Updated pki-cert man page. The pki-cert man page has been updated to clarify that certain profiles may require authentication and the CLI supports certain authentication types. https://fedorahosted.org/pki/ticket/2289 --- base/java-tools/man/man1/pki-cert.1 | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/base/java-tools/man/man1/pki-cert.1 b/base/java-tools/man/man1/pki-cert.1 index 7ece1ad7bfc277a4093acdee9592d8671b00b6bd..146c82bc7fe1711646f4ea352b91986090bbb602 100644 --- a/base/java-tools/man/man1/pki-cert.1 +++ b/base/java-tools/man/man1/pki-cert.1 @@ -215,7 +215,10 @@ profile, and submit the request using the following command: .B pki ca-cert-request-submit -Depending on the profile, an agent may need to review the request by running +Depending on the profile, the command may require authentication (see the profile configuration file). +The CLI currently supports client certificate authentication and directory-based authentication. + +Also depending on the profile, an agent may need to review and approve the request by running the following command: .B pki ca-cert-request-review --file -- 2.5.5 ___ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel
Re: [Pki-devel] [PATCH] 339-340 fixes for new Key REST logic
Acked by Endi. Pushed to Master. On Mon, 2016-11-21 at 18:33 -0500, Ade Lee wrote: > Patch 340: > commit 0e1c6e0634f5d3b3d4b8a3d7293b23f1953cf542 > Author: Ade Lee> Date: Mon Nov 21 17:42:11 2016 -0500 > > Fix bug in getting secrets from approved request > > When request was approved and retrieved through the rest > interface, the corresponding volatile requests object was not > created due to the new flow. This makes sure the volatile > request > is created. > > Patch 339: > commit 2e37a2fe6173a9968fd76fb7ff93e7cc188aa700 > Author: Ade Lee > Date: Mon Nov 21 12:01:09 2016 -0500 > > Add python-client code for key resource changes > ___ > Pki-devel mailing list > Pki-devel@redhat.com > https://www.redhat.com/mailman/listinfo/pki-devel ___ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel