rpms/certmonger
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to 0.75

Browse Source 
- add a -w (wait) flag to the getcert's request/resubmit/start-tracking
  commands, and add a non-waiting "status" command
- add the "local" signer, a local toy CA that signs anything you'll
  ask it to sign
- fix self-test errors that we trigger with new OpenSSL
- fix a build error that would sometimes happen when we're told to
  build PIE binaries
- quiet a compile warning
- retrieve CA information from CAs, if the helpers can do so, and
  add a command to explicitly refresh that data: "getcert refresh-ca"
- offer to save CA certificates to files and databases, when specified with
  new -a and -F flags to getcert request/resubmit/start-tracking (#1098208,
  trac #31)
- add IP address subject alternate names when getcert request/resubmit
  is passed the -A option (trac #35)
- read and cache the freshestCRL extension in certificates
- properly interpret KDC-unreachable errors encountered in the IPA
  submission error as a server-unreachable error that we will retry,
  rather than a misconfiguration error which we won't
- don't let tests get tripped up by new formatting used in dos2unix status
  messages (#1099080)
- updated translations
- be explicit that we are going to use bashisms in test scripts by calling
  the shell interpreter as 'bash' rather than 'sh' (trac #27)
This commit is contained in:
Nalin Dahyabhai 2014-06-13 17:27:25 -04:00
parent 2c35256181
commit 468fcf0c32
3 changed files with 59 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -64,3 +64,5 @@ certmonger-0.28.tar.gz
/certmonger-0.73.tar.gz.sig
/certmonger-0.74.tar.gz
/certmonger-0.74.tar.gz.sig
/certmonger-0.75.tar.gz
/certmonger-0.75.tar.gz.sig

58
certmonger.spec
View File

@ -19,8 +19,8 @@
%endif
Name: certmonger
Version: 0.74
Release: 2%{?dist}
Version: 0.75
Release: 1%{?dist}
Summary: Certificate status monitor and PKI enrollment client
Group: System Environment/Daemons
@ -30,7 +30,8 @@ Source0: http://fedorahosted.org/released/certmonger/certmonger-%{version}.tar.g
Source1: http://fedorahosted.org/released/certmonger/certmonger-%{version}.tar.gz.sig
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
BuildRequires: dbus-devel, nspr-devel, nss-devel, openssl-devel
BuildRequires: openldap-devel
BuildRequires: dbus-devel, nspr-devel, nss-devel, openssl-devel, libidn-devel
%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
BuildRequires: libuuid-devel
%else
@ -204,9 +205,60 @@ exit 0
%endif
%changelog
* Fri Jun 13 2014 Nalin Dahyabhai <nalin@redhat.com> 0.75-1
- add a -w (wait) flag to the getcert's request/resubmit/start-tracking
commands, and add a non-waiting status command
* Wed Jun 11 2014 Nalin Dahyabhai <nalin@redhat.com> 0.74.96-1
- make the trust settings we apply to CA-supplied certificates while
saving them to NSS databases run-time configurable
- fix compiling against EL5-era OpenSSL
- when saving CA certificates we pull from an IPA server, nickname
it using the realm name with " IPA CA" appended rather than just
naming it "IPA CA"
- fix the local signer so that when it issues itself a new certificate,
it uses the same subject name
- add a -w flag to getcert's request, resubmit, and start-tracking
commands, telling it to wait until either the certificate is issued,
we get to a state where we know that we won't be able to get one, or
we are waiting for a CA
* Mon Jun 9 2014 Nalin Dahyabhai <nalin@redhat.com> 0.74.95-1
- add the "local" signer, a local toy CA that signs anything you'll
ask it to sign
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.74-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri Jun 6 2014 Nalin Dahyabhai <nalin@redhat.com> 0.74.94-1
- fix self-test errors that we trigger with new OpenSSL
- fix a build error that would sometimes happen when we're told to
build PIE binaries
- quiet a compile warning
* Thu Jun 5 2014 Nalin Dahyabhai <nalin@redhat.com> 0.74.93-1
- add some self-tests
- simplify the internal submit-to-CA logic
- fixes for more problems found through static analysis
* Tue Jun 3 2014 Nalin Dahyabhai <nalin@redhat.com> 0.74.92-1
- retrieve CA information from CAs, if the helpers can do so, and
add a command to explicitly refresh that data: "getcert refresh-ca"
- offer to save CA certificates to files and databases, when specified with
new -a and -F flags to getcert request/resubmit/start-tracking (#1098208,
trac #31)
- add IP address subject alternate names when getcert request/resubmit
is passed the -A option (trac #35)
- read and cache the freshestCRL extension in certificates
- properly interpret KDC-unreachable errors encountered in the IPA
submission error as a server-unreachable error that we will retry,
rather than a misconfiguration error which we won't
- don't let tests get tripped up by new formatting used in dos2unix status
messages (#1099080)
- updated translations
- be explicit that we are going to use bashisms in test scripts by calling
the shell interpreter as 'bash' rather than 'sh' (trac #27)
* Thu Apr 3 2014 Nalin Dahyabhai <nalin@redhat.com> 0.74-1
- also save state when we exit due to SIGHUP
- don't get tripped up when enrollment helpers hand us certificates which

4
sources
View File

@ -1,2 +1,2 @@
cd73eed2f6ef837a790286d0998c6c47 certmonger-0.74.tar.gz
1764071325f7e7d6d143862a88e07071 certmonger-0.74.tar.gz.sig
e84ed86a9392b1a49a01149cea669ddc certmonger-0.75.tar.gz
79c053b21ee1a58824205eb08f9c06df certmonger-0.75.tar.gz.sig