| #
b50789ce |
| 09-Oct-2018 |
Jayanth Othayoth <ojayanth@in.ibm.com> |
Add support to upload CA certificate
Added support to upload CA certificates in
/etc/ssl/certs path. Curently scope is limited to one
certificate and any new upload is going to override the
existing
Add support to upload CA certificate
Added support to upload CA certificates in
/etc/ssl/certs path. Curently scope is limited to one
certificate and any new upload is going to override the
existing CA certificate.
Change-Id: I9cc60accf6aae4d8123e5f86d618effe33d68d53
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
show more ...
|
| #
a1c55956 |
| 26-Oct-2018 |
Jayanth Othayoth <ojayanth@in.ibm.com> |
Certificate manager: Fix application crash for empty units
During upload/delete certificates certificate manager does
service restart/reload based on "unit" parameter provided
during build time. Thi
Certificate manager: Fix application crash for empty units
During upload/delete certificates certificate manager does
service restart/reload based on "unit" parameter provided
during build time. This is an optional input to support
service related action from certificate manager application.
In the existing delete interface not added any check related
to this and causing application crash due to empty unit
input systemd function.
Proposed fix is to add empty check before consuming unit variable.
Change-Id: I2b0b2bf1fab1db32a00c1c96333388be2af99cc7
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
show more ...
|
| #
8f60085e |
| 08-Oct-2018 |
Jayanth Othayoth <ojayanth@in.ibm.com> |
Ignore trust-chain related errors during certificate upload
This patch allow user to upload CA signed certificate file
with out CA certificate in the certificate store or in the chain.
Ignore trust
Ignore trust-chain related errors during certificate upload
This patch allow user to upload CA signed certificate file
with out CA certificate in the certificate store or in the chain.
Ignore trust chain related errors during openssl based verification.
Trust chain error info:
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
X509_V_ERR_CERT_UNTRUSTED
X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
Change-Id: I86d00947c0c581afcfa34fc238155f8c7a05971c
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
show more ...
|
| #
62ccb1fc |
| 03-Oct-2018 |
Jayanth Othayoth <ojayanth@in.ibm.com> |
Allow certificate upload for "not yet valid" case
The "certificate is not yet valid" case the notBefore date is
after the current time. This change will help to user to upload
the certificate with "
Allow certificate upload for "not yet valid" case
The "certificate is not yet valid" case the notBefore date is
after the current time. This change will help to user to upload
the certificate with "notBefore" date after current time.
Change-Id: If85aa5c7649cc540dfbc0d14261715d27ad7f075
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
show more ...
|
| #
ae70b3da |
| 30-Sep-2018 |
Deepak Kodihalli <dkodihal@in.ibm.com> |
Implement certificate delete
A deletion of a certificate is invoked by calling the DELETE verb on the
certificate REST endpoint. This application intercepts this and deletes
the certificate file. It
Implement certificate delete
A deletion of a certificate is invoked by calling the DELETE verb on the
certificate REST endpoint. This application intercepts this and deletes
the certificate file. It also reloads/restarts the associated systemd
unit, which may generate a self-signed certificate.
Change-Id: I879551c1aff160cab0c07d1c73ae147f85a6e17e
Signed-off-by: Deepak Kodihalli <dkodihal@in.ibm.com>
show more ...
|
| #
e8199a86 |
| 29-Sep-2018 |
Jayanth Othayoth <ojayanth@in.ibm.com> |
Enable client type certificate install interface
Added support to restart unit, incase reload is not supported
by the unit, also enabled client certificate install function.
Change-Id: I68b7eeb1f81
Enable client type certificate install interface
Added support to restart unit, incase reload is not supported
by the unit, also enabled client certificate install function.
Change-Id: I68b7eeb1f81f6faf65dcfb8e6c5b9b907145747a
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
show more ...
|
| #
589159f2 |
| 28-Sep-2018 |
Jayanth Othayoth <ojayanth@in.ibm.com> |
Add Public/Private key compare function
Comparing private key against certificate public key
from input .pem file
Change-Id: I6abac7f6f33182a41d7bac3562c126c91164de82
Signed-off-by: Jayanth Othayot
Add Public/Private key compare function
Comparing private key against certificate public key
from input .pem file
Change-Id: I6abac7f6f33182a41d7bac3562c126c91164de82
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
show more ...
|
| #
dd74bd20 |
| 28-Sep-2018 |
Jayanth Othayoth <ojayanth@in.ibm.com> |
Add Certificate verification support
Call X509_verify_cert to perform the following validations:
o Check trust settings on the root CA
o Validity of the certificate chain by
enab
Add Certificate verification support
Call X509_verify_cert to perform the following validations:
o Check trust settings on the root CA
o Validity of the certificate chain by
enabling (X509_V_ERR_CERT_HAS_EXPIRED).
For details of the verification, refer:
https://www.openssl.org/docs/manmaster/man1/verify.html
Change-Id: I5fcde5d34658e7b483de2715831107509f31b531
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
show more ...
|
| #
cfbc8dc8 |
| 03-Sep-2018 |
Jayanth Othayoth <ojayanth@in.ibm.com> |
Implementation of certificate install interface
- Copy the certificate and private Key file to the service
specific path based on a configuration file.
- Reload the listed service for which the c
Implementation of certificate install interface
- Copy the certificate and private Key file to the service
specific path based on a configuration file.
- Reload the listed service for which the certificate is
updated.
Change-Id: Iae7d340a0a2381502aef33762eb79b57ddeda07d
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
show more ...
|