[Freeipa-devel] [PATCHES] 267-294 Support multiple CA certificates in LDAP

Jan Cholasta jcholast at redhat.com
Thu Jun 12 17:45:45 UTC 2014


Hi,

the attached patches implement 
<https://fedorahosted.org/freeipa/ticket/3259> and 
<https://fedorahosted.org/freeipa/ticket/3520>.

This work depends on my patches 241-253 and 262-266 
(<http://www.redhat.com/archives/freeipa-devel/2014-June/msg00276.html>).

Note that automatic distribution of CA certificates to IPA systems is 
not implemented yet (it's planned for IPA 4.2, see 
<https://fedorahosted.org/freeipa/ticket/4322>), so /etc/ipa/ca.crt, 
/etc/pki/nssdb, /etc/dirsrv/slapd-REALM and /etc/httpd/alias are updated 
*only* during client/server install.

Honza

-- 
Jan Cholasta
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-267-Do-not-treat-the-IPA-RA-cert-as-CA-cert-in-DS-NSS-da.patch
Type: text/x-patch
Size: 3594 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140612/14f426d4/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-268-Remove-certificate-External-CA-cert-from-etc-pki-nss.patch
Type: text/x-patch
Size: 1521 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140612/14f426d4/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-269-Allow-specifying-trust-flags-in-NSSDatabase-and-Cert.patch
Type: text/x-patch
Size: 1986 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140612/14f426d4/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-270-Fix-trust-flags-in-HTTP-and-DS-NSS-databases.patch
Type: text/x-patch
Size: 9914 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140612/14f426d4/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-271-Add-LDAP-schema-for-wrapped-cryptographic-keys.patch
Type: text/x-patch
Size: 3603 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140612/14f426d4/attachment-0004.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-272-Add-LDAP-schema-for-certificate-store.patch
Type: text/x-patch
Size: 3425 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140612/14f426d4/attachment-0005.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-273-Add-container-for-certificate-store.patch
Type: text/x-patch
Size: 1852 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140612/14f426d4/attachment-0006.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-274-Configure-attribute-uniqueness-for-certificate-store.patch
Type: text/x-patch
Size: 2379 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140612/14f426d4/attachment-0007.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-275-Add-permissions-for-certificate-store.patch
Type: text/x-patch
Size: 6714 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140612/14f426d4/attachment-0008.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-276-Add-functions-for-extracting-certificates-fields-in-.patch
Type: text/x-patch
Size: 3376 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140612/14f426d4/attachment-0009.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-277-Add-function-for-extracting-extended-key-usage-from-.patch
Type: text/x-patch
Size: 1752 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140612/14f426d4/attachment-0010.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-278-Add-certificate-store-module-ipalib.certstore.patch
Type: text/x-patch
Size: 12123 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140612/14f426d4/attachment-0011.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-279-Upload-CA-chain-from-DS-NSS-database-to-certificate-.patch
Type: text/x-patch
Size: 3171 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140612/14f426d4/attachment-0012.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-280-Upload-CA-chain-from-DS-NSS-database-to-certificate-.patch
Type: text/x-patch
Size: 3815 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140612/14f426d4/attachment-0013.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-281-Rename-CertDB-method-add_cert-to-import_cert.patch
Type: text/x-patch
Size: 1684 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140612/14f426d4/attachment-0014.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-282-Add-method-for-adding-certificates-by-value-to-NSSDa.patch
Type: text/x-patch
Size: 1717 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140612/14f426d4/attachment-0015.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-283-Import-CA-certs-from-certificate-store-to-DS-NSS-dat.patch
Type: text/x-patch
Size: 1938 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140612/14f426d4/attachment-0016.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-284-Import-CA-certs-from-certificate-store-to-HTTP-NSS-d.patch
Type: text/x-patch
Size: 2309 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140612/14f426d4/attachment-0017.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-285-Upload-renewed-CA-cert-to-certificate-store-on-renew.patch
Type: text/x-patch
Size: 1629 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140612/14f426d4/attachment-0018.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-286-Refactor-CA-certificate-fetching-code-in-ipa-client-.patch
Type: text/x-patch
Size: 7198 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140612/14f426d4/attachment-0019.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-287-Support-multiple-CA-certificates-in-etc-ipa-ca.crt-i.patch
Type: text/x-patch
Size: 4246 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140612/14f426d4/attachment-0020.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-288-Add-function-for-writing-list-of-certificates-to-a-P.patch
Type: text/x-patch
Size: 3379 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140612/14f426d4/attachment-0021.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-289-Get-CA-certs-for-etc-ipa-ca.crt-from-certificate-sto.patch
Type: text/x-patch
Size: 4588 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140612/14f426d4/attachment-0022.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-290-Allow-overriding-NSS-database-path-in-RPCClient.patch
Type: text/x-patch
Size: 1646 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140612/14f426d4/attachment-0023.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-291-Get-CA-certs-for-etc-pki-nssdb-from-certificate-stor.patch
Type: text/x-patch
Size: 7056 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140612/14f426d4/attachment-0024.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-292-Add-functions-for-DER-encoding-certificate-extension.patch
Type: text/x-patch
Size: 1790 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140612/14f426d4/attachment-0025.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-293-Get-CA-certs-for-system-wide-store-from-cert-store-i.patch
Type: text/x-patch
Size: 9692 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140612/14f426d4/attachment-0026.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-294-Get-up-to-date-CA-certificates-from-certificate-stor.patch
Type: text/x-patch
Size: 3329 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140612/14f426d4/attachment-0027.bin>

