update to 0.62

- add a -u flag to getcert to enable requesting a keyUsage extension value
- request subjectKeyIdentifier extensions from CAs, and include them in
  self-signed certificates
- request basicConstraints from CAs, defaulting to requests for end-entity
  certificates
- when requesting CA certificates, also request authorityKeyIdentifier
- add support for requesting CRL distribution point and authorityInfoAccess
  extensions that specify OCSP responder locations
- don't crash when OpenSSL can't build a template certificate from a request
  when we're in FIPS mode
- put NSS in FIPS mode, when the system booted that way, except when we're
  trying to write certificates to a database
- fix CSR generation and self-signing in FIPS mode with NSS
- fix self-signing in FIPS mode with OpenSSL
- new languages from the translation team: mai, ml, nn, ga
Nalin Dahyabhai 2012-11-29 00:45:48 -05:00
parent d7b55107b2
commit 9e017b41b6
3 changed files with 23 additions and 6 deletions

2
.gitignore vendored

@ -44,3 +44,5 @@ certmonger-0.28.tar.gz
/certmonger-0.60.tar.gz.sig
/certmonger-0.61.tar.gz
/certmonger-0.61.tar.gz.sig
/certmonger-0.62.tar.gz
/certmonger-0.62.tar.gz.sig


@ -19,8 +19,8 @@
%endif
Name: certmonger
Version: 0.61
Release: 3%{?dist}
Version: 0.62
Release: 1%{?dist}
Summary: Certificate status monitor and PKI enrollment client
Group: System Environment/Daemons
@ -28,7 +28,6 @@ License: GPLv3+
URL: http://certmonger.fedorahosted.org
Source0: http://fedorahosted.org/released/certmonger/certmonger-%{version}.tar.gz
Source1: http://fedorahosted.org/released/certmonger/certmonger-%{version}.tar.gz.sig
Patch0: certmonger-x509-req-to-x509.patch
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
BuildRequires: dbus-devel, nspr-devel, nss-devel, openssl-devel
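Review bot: Source0 and Source1 still point at plain http:// URLs, and although Source1 is the detached signature, the %prep lines shown in the next hunk go straight to %setup -q without checking it. While touching the preamble, consider switching both URLs to https:// if the host serves it, and adding a signature verification step at the top of %prep against a keyring shipped as an additional Source, so that the .sig is actually used at build time rather than only archived.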
@ -88,7 +87,6 @@ system enrolled with a certificate authority (CA) and keeping it enrolled.
%prep
%setup -q
%patch0 -p1 -b .x509-req-to-x509
%if 0%{?rhel} > 0
# Enabled by default for RHEL for bug #765600, still disabled by default for
# Fedora pending a similar bug report there.
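Review bot: the %patch0 application is dropped here, matching the Patch0 removal in the preamble, but the commit summary lists only 3 changed files (.gitignore, the spec and the checksum list), so certmonger-x509-req-to-x509.patch itself appears to stay in the repository unreferenced. Delete the patch file in the same commit so the tree does not carry a fix that is no longer applied and that a later reader might assume is still in effect.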
@ -203,6 +201,23 @@ exit 0
%endif
%changelog
* Thu Nov 29 2012 Nalin Dahyabhai <nalin@redhat.com> 0.62-1
- add a -u flag to getcert to enable requesting a keyUsage extension value
- request subjectKeyIdentifier extensions from CAs, and include them in
self-signed certificates
- request basicConstraints from CAs, defaulting to requests for end-entity
certificates
- when requesting CA certificates, also request authorityKeyIdentifier
- add support for requesting CRL distribution point and authorityInfoAccess
extensions that specify OCSP responder locations
- don't crash when OpenSSL can't build a template certificate from a request
when we're in FIPS mode
- put NSS in FIPS mode, when the system booted that way, except when we're
trying to write certificates to a database
- fix CSR generation and self-signing in FIPS mode with NSS
- fix self-signing in FIPS mode with OpenSSL
- new languages from the translation team: mai, ml, nn, ga
* Tue Nov 27 2012 Nalin Dahyabhai <nalin@redhat.com> 0.61-3
- backport change from git to not choke if X509_REQ_to_X509() fails when we're
self-signing using OpenSSL
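Review bot: the 0.62-1 entry does not record that the X509_REQ_to_X509() backport introduced in 0.61-3 is being dropped. The item "don't crash when OpenSSL can't build a template certificate from a request when we're in FIPS mode" suggests the fix is now part of the 0.62 tarball; add a line saying the backported patch was removed because it is included upstream, so anyone auditing the FIPS-mode fixes can confirm that nothing regressed between 0.61-3 and 0.62-1.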


@ -1,2 +1,2 @@
9d4c1231366a97203ff16df815b3a4c6 certmonger-0.61.tar.gz
a577b6950116d55b807a4a397d733839 certmonger-0.61.tar.gz.sig
6e6012dbfee1c54752b1d09fb50679a9 certmonger-0.62.tar.gz
3a60362d8d6daea3520c0523d4a614b3 certmonger-0.62.tar.gz.sig
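Review bot: the new entries for certmonger-0.62.tar.gz and its .sig are 32-hex-digit values, the length of an MD5 digest, which does not resist deliberate collisions and so is a weak integrity anchor for a PKI enrollment client. If the lookaside tooling accepts a stronger digest, record the 0.62 files with it. Otherwise, make sure the detached signature is verified during the build, so integrity does not rest on this checksum alone.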