d428aed Allow configuration of client SCEP algorithms

Authored and Committed by tvaughan 5 years ago
    Allow configuration of client SCEP algorithms
    
    * Allow users to set `scep_cipher` and `scep_digest` in their CA
    configuration. These settings are authoritative and will override
    anything from the server.  This was added to support connections to
    systems, such as Dogtag, that do not provide a CA capabilities string
    and, therefore, are prone to causing incorrect ciphers to be used on the
    client side.
    
    * In accordance with the latest SCEP Draft RFC, the default cipher has
    been changed to AES-256 and the default digest has been changed to
    SHA-256. These were chosen as reasonable defaults for most users and
    systems.
    
    * To ease the determination of which configuration file controls what
    CA, the output of `getcert list-cas -v` was updated to print a
    `config-path` entry which will list the specific configuration
    associated with a given CA.
    
    Closes #89
    
        
file modified
+6 -0
file modified
+5 -0
file modified
+144 -38
file modified
+22 -0
file modified
+4 -0
file modified
+2 -0
file modified
+148 -1