update to 0.62

- add a -u flag to getcert to enable requesting a keyUsage extension value - request subjectKeyIdentifier extensions from CAs, and include them in self-signed certificates - request basicConstraints from CAs, defaulting to requests for end-entity certificates - when requesting CA certificates, also request authorityKeyIdentifier - add support for requesting CRL distribution point and authorityInfoAccess extensions that specify OCSP responder locations - don't crash when OpenSSL can't build a template certificate from a request when we're in FIPS mode - put NSS in FIPS mode, when the system booted that way, except when we're trying to write certificates to a database - fix CSR generation and self-signing in FIPS mode with NSS - fix self-signing in FIPS mode with OpenSSL - new languages from the translation team: mai, ml, nn, ga
2012-11-29 00:45:48 -05:00 · 2012-11-29 00:45:48 -05:00 · 9e017b41b6
commit 9e017b41b6
parent d7b55107b2
3 changed files with 23 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -44,3 +44,5 @@ certmonger-0.28.tar.gz
 /certmonger-0.60.tar.gz.sig
 /certmonger-0.61.tar.gz
 /certmonger-0.61.tar.gz.sig
 /certmonger-0.62.tar.gz
 /certmonger-0.62.tar.gz.sig
--- a/certmonger.spec
+++ b/certmonger.spec
@ -19,8 +19,8 @@
 %endif
 Name:		certmonger
-Version:	0.61
+Version:	0.62
-Release:	3%{?dist}
+Release:	1%{?dist}
 Summary:	Certificate status monitor and PKI enrollment client
 Group:		System Environment/Daemons
@ -28,7 +28,6 @@ License:	GPLv3+
 URL:		http://certmonger.fedorahosted.org
 Source0:	http://fedorahosted.org/released/certmonger/certmonger-%{version}.tar.gz
 Source1:	http://fedorahosted.org/released/certmonger/certmonger-%{version}.tar.gz.sig
 Patch0:		certmonger-x509-req-to-x509.patch
 BuildRoot:	%(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 BuildRequires:	dbus-devel, nspr-devel, nss-devel, openssl-devel
@ -88,7 +87,6 @@ system enrolled with a certificate authority (CA) and keeping it enrolled.
 %prep
 %setup -q
 %patch0 -p1 -b .x509-req-to-x509
 %if 0%{?rhel} > 0
 # Enabled by default for RHEL for bug #765600, still disabled by default for
 # Fedora pending a similar bug report there.
@ -203,6 +201,23 @@ exit 0
 %endif
 %changelog
 * Thu Nov 29 2012 Nalin Dahyabhai <nalin@redhat.com> 0.62-1
 - add a -u flag to getcert to enable requesting a keyUsage extension value
 - request subjectKeyIdentifier extensions from CAs, and include them in
  self-signed certificates
 - request basicConstraints from CAs, defaulting to requests for end-entity
  certificates
 - when requesting CA certificates, also request authorityKeyIdentifier
 - add support for requesting CRL distribution point and authorityInfoAccess
  extensions that specify OCSP responder locations
 - don't crash when OpenSSL can't build a template certificate from a request
  when we're in FIPS mode
 - put NSS in FIPS mode, when the system booted that way, except when we're
  trying to write certificates to a database
 - fix CSR generation and self-signing in FIPS mode with NSS
 - fix self-signing in FIPS mode with OpenSSL
 - new languages from the translation team: mai, ml, nn, ga
 * Tue Nov 27 2012 Nalin Dahyabhai <nalin@redhat.com> 0.61-3
 - backport change from git to not choke if X509_REQ_to_X509() fails when we're
  self-signing using OpenSSL
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-9d4c1231366a97203ff16df815b3a4c6  certmonger-0.61.tar.gz
+6e6012dbfee1c54752b1d09fb50679a9  certmonger-0.62.tar.gz
-a577b6950116d55b807a4a397d733839  certmonger-0.61.tar.gz.sig
+3a60362d8d6daea3520c0523d4a614b3  certmonger-0.62.tar.gz.sig
`@ -1,2 +1,2 @@`
	`9d4c1231366a97203ff16df815b3a4c6 certmonger-0.61.tar.gz`	`6e6012dbfee1c54752b1d09fb50679a9 certmonger-0.62.tar.gz`
	`a577b6950116d55b807a4a397d733839 certmonger-0.61.tar.gz.sig`	`3a60362d8d6daea3520c0523d4a614b3 certmonger-0.62.tar.gz.sig`