- Don't send SIGKILL to child processes to terminate them
- Switch to JSON for communication with IPA
- Drop empty translation files in prep for dropping Zanata service
- Change python2-dbus build dependency to python3
- Convert tests to pass under python 3
- Skip DSA tests because it is disabled by default crypto policy
None of currently supported distributions need that.
Last one was EL5 which is EOL for a while.
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
None of currently supported distributions need that.
It was needed last for EL5 which is EOL now
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
- Patch to fix NSS handling of keys in sqlite databases
- Patches to fix tests now that sqlite is the NSS default.
Also fix building in rawhide due to packaging changes
- Remove BR on mktemp. It is now provided by coreutils.
The BuildRequires was setup to use a file because for some older
distributions popt.h was included in popt itself.
It's time to remove this workaround.
- update to 0.79.5:
- getcert start-tracking: use issuer option when specified
- add support for specifying the MS certificate template
- Reformat certificates returned by Dogtag to strip extra newline
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
- update to 0.79.4:
- fix CA option name for ipa cert-request
- fix minor memory leak
- fix build warnings
- fix an incorrect date in the .spec changelog
- bump gettext version to avoid warning
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
- update to 0.79.2:
- update %%docs list because README is now README.md
- update to 0.79.1:
- update translations
- fix 'make archive' target
- update to 0.79:
- getcert now offers an option (-X) for requesting processing by a particular
CA if the server we're contacting is running more than one
- getcert also offers options (--for-ca, --not-for-ca, --ca-path-length) for
requesting BasicConstraints values
- getcert now displays times in local time instead of UTC, which was
previously the only way they were displayed; the --utc option can often be
used to switch back to its previous behavior
- the SCEP enrollment helper now correctly issues GetCACertChain requests to
SCEP servers, instead of issuing a GetCAChain request, which isn't part of
the protocol; from report by Jason Garland
- when issuing SCEP requests, the ID of the CA included in the HTTP request
is now URL-encoded, as it should be
- renewal or notification-of-impending-expiration logic is now triggered
closer to TTL thresholds rather than waiting for a periodic check to pass a
threshold
- properly builds with OpenSSL 1.1, thanks to Lukas Slebodnik and Tomas Mraz
for a lot of the legwork
- resync .spec file with Fedora
- upstream project migrated from fedorahosted.org to pagure.io
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add backported fix to the tests to wait a reasonable amount of time
after calling the 'resubmit' method for a new certificate to be issued
when we're exercising the D-Bus API (backport done by Jan Cholasta,
Instead of using killall to send a SIGHUP to the system bus daemon in
%post to get it to reload its configuration, use dbus-send to send a
ReloadConfig request over the bus (should fix#1277573).