389-ds-base

Clone
Source Code
GIT

57dcdf1 Bug 624547 - attrcrypt should query the given slot/token for

Authored and Committed by Noriko Hosoi 13 years ago
raw patch tree parent
3 files changed. 151 lines added. 29 lines removed.
ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c
file modified
+117 -24
ldap/servers/slapd/proto-slap.h
file modified
+3 -0
ldap/servers/slapd/security_wrappers.c
file modified
+31 -5 
    Bug 624547 - attrcrypt should query the given slot/token for
    supported ciphers
    
    https://bugzilla.redhat.com/show_bug.cgi?id=624547
    
    Description:
    1. To retrieve a certificate from an external token (i.e., not
       "internal (software)"), "<token>:<cert_nickname> should have
       been passed.  The <token> part was missing.
    2. The key to be used for encryption and decryption internally
       needs to have ENCRYPT and DECRYPT attribute set, respectively.
       The correct attributes were not set.  Note: these attributes
       are automatically set for the softoken in nss, but not for the
       external token.  This is why attrcrypt worked for the softoken,
       but not for the external token.  The attributes need to be set
       when the key is generated as well as when the key is unwrapped.
    3. Adding a code to check if the underlying system supports the
       cipher or not before generating a key.  If it is not supported,
       it issues a message not to choose the cipher for the attrcrypt/
       changelog encryption.  If none of the ciphers are supported and
       if attrcrypt/changelog encryption is enabled, the server fails
       to start.
file modified
+117 -24
file modified
+3 -0
file modified
+31 -5
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.