Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cert module fixes #55

Merged
merged 2 commits into from Sep 26, 2018
Merged

Cert module fixes #55

merged 2 commits into from Sep 26, 2018

Conversation

SilleBille
Copy link
Member

edewata
edewata approved these changes Sep 25, 2018
View reviewed changes
Copy link
Contributor

@edewata edewata left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a minor enhancement request. Everything else is good. ACK.

base/server/python/pki/server/cli/cert.py Outdated
# audit and CA certs require special flags set in NSSDB
# TODO: When CA renewal is added, add the corresponding trust attrs for CA
trust_attributes = None
if cert_tag == 'audit_signing':
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's add another case for cert_id == 'ca_signing' although we may not support renewing CA signing cert right now. The flag should be "CT,C,C". The "u" flag will automatically be added by NSS if the cert has a corresponding key in the database.

base/server/python/pki/server/cli/cert.py Outdated
# TODO: When CA renewal is added, add the corresponding trust attrs for CA
trust_attributes = None
if cert_tag == 'audit_signing':
trust_attributes = 'u,u,Pu'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's change it to ",,P". The "u" flag will automatically be added by NSS if the cert has a corresponding key in the database.

@SilleBille SilleBille force-pushed the cert_module_fixes branch 3 times, most recently from 8190e6b to b85d2df Compare September 26, 2018 13:57
@SilleBille
cert-create --serial option takes both hex and int
b1f9682 
`pki-server cert-create --serial <serial>` option now accepts both hex
and int. This patch syncs up with other modules on processing the user
provided --serial option

Ticket: https://pagure.io/dogtagpki/issue/3067

Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
@SilleBille
Fix trust flags for audit and ca signing cert
3adba35 
The audit_signing and ca_signing require special flags to be set
in nssdb to render it useful. This patch fixes this issue.

Ticket: https://pagure.io/dogtagpki/issue/3066

Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
@SilleBille SilleBille added Enhancement New features and enhancements related to the product Bug Bug fixes labels Sep 26, 2018
@SilleBille SilleBille self-assigned this Sep 26, 2018
@SilleBille SilleBille merged commit 62efc33 into dogtagpki:master Sep 26, 2018
@SilleBille SilleBille deleted the cert_module_fixes branch September 26, 2018 15:03
This was referenced Oct 1, 2020
Closed
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@edewata edewata edewata approved these changes

Assignees

@SilleBille SilleBille

Labels
Bug Bug fixes Enhancement New features and enhancements related to the product
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@SilleBille @edewata