b38981c Add SCEP config option to treat the challenge password as an OTP

4 files. Authored by Your Name 2 years ago, committed by rcritten 2 years ago.
    Add SCEP config option to treat the challenge password as an OTP
    
    SCEP RFC 8894 specifies that a challenge password SHOULD be
    removed from subsequent requests but that it MAY be included.
    
    This adds a new configuration option to treat the challenge password
    as a one-time password (OTP) so that it will not be sent on
    subsequent requests, like renewals, by removing it completely
    from the tracking request.
    
    This allows certmonger to be able to renew AD-issued SCEP certificates
    if the AD registry entry DisableRenewalSubjectNameMatch is set to 1.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1577570
    
    Signed-off-by: Rob Crittenden <rcritten@redhat.com>
    
        
file modified: +9 -0
file modified: +13 -0
file modified: +15 -0
file modified: +4 -0