Update to 0.73
- encode the friendlyName attribute in signing requests as a BMPString, not as a PrintableString - catch more filesystem permissions problems earlier (more of #996581) - move the tmpfiles.d file from /etc/tmpfiles.d to %%{_tmpfilesdir}, where it belongs - support generating requests and self-signing using DSA and EC keys
This commit is contained in:
Nalin Dahyabhai
parent
19b37db4dc
commit
42ca560e41
2
.gitignore
vendored
2
.gitignore
vendored
@ -60,3 +60,5 @@ certmonger-0.28.tar.gz
|
||||
/certmonger-0.70.tar.gz.sig
|
||||
/certmonger-0.71.2.tar.gz
|
||||
/certmonger-0.71.2.tar.gz.sig
|
||||
/certmonger-0.73.tar.gz
|
||||
/certmonger-0.73.tar.gz.sig
|
||||
|
||||
@ -19,7 +19,7 @@
|
||||
%endif
|
||||
|
||||
Name: certmonger
|
||||
Version: 0.71.2
|
||||
Version: 0.73
|
||||
Release: 1%{?dist}
|
||||
Summary: Certificate status monitor and PKI enrollment client
|
||||
|
||||
@ -195,13 +195,56 @@ exit 0
|
||||
%{sysvinitdir}/certmonger
|
||||
%endif
|
||||
%if %{tmpfiles}
|
||||
%attr(0644,root,root) %config(noreplace) /etc/tmpfiles.d/certmonger.conf
|
||||
%attr(0644,root,root) %config(noreplace) %{_tmpfilesdir}/certmonger.conf
|
||||
%endif
|
||||
%if %{systemd}
|
||||
%{_unitdir}/*
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Feb 20 2014 Nalin Dahyabhai <nalin@redhat.com> 0.73-1
|
||||
- updates to 0.73
|
||||
- getcert no longer claims to be stuck when a CA is unreachable,
|
||||
because the daemon isn't actually stuck
|
||||
|
||||
* Mon Feb 17 2014 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- updates to 0.73
|
||||
- also pass the key type to enrollment helpers in the environment as
|
||||
a the value of "CERTMONGER_KEY_TYPE"
|
||||
|
||||
* Mon Feb 10 2014 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- move the tmpfiles.d file from /etc/tmpfiles.d to %%{_tmpfilesdir},
|
||||
where it belongs
|
||||
|
||||
* Mon Feb 10 2014 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- updates for 0.73
|
||||
- set the flag to encode EC public key parameters using named curves
|
||||
instead of the default of all-the-details when using OpenSSL
|
||||
- don't break when NSS supports secp521r1 but OpenSSL doesn't
|
||||
- also pass the CA nickname to enrollment helpers in the environment as
|
||||
a text value in "CERTMONGER_CA_NICKNAME", so they can use that value
|
||||
when reading configuration settings
|
||||
- also pass the SPKAC value to enrollment helpers in the environment as
|
||||
a base64 value in "CERTMONGER_SPKAC"
|
||||
- also pass the request's SubjectPublicKeyInfo value to enrollment helpers
|
||||
in the environment as a base64 value in "CERTMONGER_SPKI"
|
||||
- when generating signing requests using NSS, be more accommodating of
|
||||
requested subject names that don't parse properly
|
||||
|
||||
* Mon Feb 3 2014 Nalin Dahyabhai <nalin@redhat.com> 0.72-1
|
||||
- update to 0.72
|
||||
- support generating DSA parameters and keys on sufficiently-new OpenSSL
|
||||
and NSS
|
||||
- support generating EC keys when OpenSSL and NSS support it, using key
|
||||
size to select the curve to use from among secp256r1, secp384r1,
|
||||
secp521r1 (which are the ones that are usually available, though
|
||||
secp521r1 isn't always, even if the other two are)
|
||||
- stop trying to cache public key parameters at all and instead cache public
|
||||
key info properly
|
||||
- encode the friendlyName attribute in signing requests as a BMPString,
|
||||
not as a PrintableString
|
||||
- catch more filesystem permissions problems earlier (more of #996581)
|
||||
|
||||
* Mon Jan 27 2014 Nalin Dahyabhai <nalin@redhat.com> 0.71-1
|
||||
- check for cases where we fail to allocate memory while reading a request
|
||||
or CA entry from disk (John Haxby)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user