- keep the lock on the pid file, if we have one, when we fork, and cancel
daemon startup if we can't gain ownership of the lock (the rest of
#596719)
- make the man pages note which external configuration files we consult
when submitting requests to certmaster and ipa CAs
- new translations
- de by Fabian Affolter!
- certmaster-submit: don't fall over when we can't find a certmaster.conf
or a minion.conf (i.e., certmaster isn't installed) (#588932)
- when reading extension values from certificates, prune out duplicate
principal names, email addresses, and hostnames
- getcert/*-getcert: relay the desired CA to the local service, whether
specified on the command line (in getcert) or as a built-in hard-wired
default (in *-getcert) (#584983)
- flesh out the default certmonger.conf so that people can get a feel for
the expected formatting (Jenny Galipeau)
- correctly parse certificate validity periods given in years (spotted by
Stephen Gallagher)
- setup for translation
- es by Héctor Daniel Cabrera!
- ru by Yulia Poyarkova!
- uk by Yuri Chornoivan!
- fix unpreprocessed defaults in certmonger.conf's man page
- tweak the IPA-specific message that indicates a principal name also needs
to be specified if we're not using the default subject name (#579542)
- make the validity period of self-signed certificates into a configuration
setting and not a piece of the state information we track about the
signer
- init script: exit with status 2 instead of 1 when invoked with an
unrecognized argument (#584517)
- add support for using encrypted storage for keys, using PIN values
supplied directly or read from files whose names are supplied
- don't choke on NSS database locations that use the "sql:" or "dbm:"
prefix
