This port was done downstream in during the OpenSSL beta in another
distribution but hasn't been merged upstream yet (because of said
beta).
Add port to Fedora. It will be merged upstream soon as well though
when it will land in a full release is TBD.
- Don't send SIGKILL to child processes to terminate them
- Switch to JSON for communication with IPA
- Drop empty translation files in prep for dropping Zanata service
- Change python2-dbus build dependency to python3
- Convert tests to pass under python 3
- Skip DSA tests because it is disabled by default crypto policy
None of currently supported distributions need that.
Last one was EL5 which is EOL for a while.
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
None of currently supported distributions need that.
It was needed last for EL5 which is EOL now
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
- Patch to fix NSS handling of keys in sqlite databases
- Patches to fix tests now that sqlite is the NSS default.
Also fix building in rawhide due to packaging changes
- Remove BR on mktemp. It is now provided by coreutils.
The BuildRequires was setup to use a file because for some older
distributions popt.h was included in popt itself.
It's time to remove this workaround.
- update to 0.79.5:
- getcert start-tracking: use issuer option when specified
- add support for specifying the MS certificate template
- Reformat certificates returned by Dogtag to strip extra newline
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
- update to 0.79.4:
- fix CA option name for ipa cert-request
- fix minor memory leak
- fix build warnings
- fix an incorrect date in the .spec changelog
- bump gettext version to avoid warning
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
- update to 0.79.2:
- update %%docs list because README is now README.md
- update to 0.79.1:
- update translations
- fix 'make archive' target
- update to 0.79:
- getcert now offers an option (-X) for requesting processing by a particular
CA if the server we're contacting is running more than one
- getcert also offers options (--for-ca, --not-for-ca, --ca-path-length) for
requesting BasicConstraints values
- getcert now displays times in local time instead of UTC, which was
previously the only way they were displayed; the --utc option can often be
used to switch back to its previous behavior
- the SCEP enrollment helper now correctly issues GetCACertChain requests to
SCEP servers, instead of issuing a GetCAChain request, which isn't part of
the protocol; from report by Jason Garland
- when issuing SCEP requests, the ID of the CA included in the HTTP request
is now URL-encoded, as it should be
- renewal or notification-of-impending-expiration logic is now triggered
closer to TTL thresholds rather than waiting for a periodic check to pass a
threshold
- properly builds with OpenSSL 1.1, thanks to Lukas Slebodnik and Tomas Mraz
for a lot of the legwork
- resync .spec file with Fedora
- upstream project migrated from fedorahosted.org to pagure.io
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Add backported fix to the tests to wait a reasonable amount of time
after calling the 'resubmit' method for a new certificate to be issued
when we're exercising the D-Bus API (backport done by Jan Cholasta,
Instead of using killall to send a SIGHUP to the system bus daemon in
%post to get it to reload its configuration, use dbus-send to send a
ReloadConfig request over the bus (should fix#1277573).