newpki-server-2.0.0-rc1 RPM for i386

From SourceForge / n / ne / newpki

NewPKI is a PKI based on the OpenSSL low-level API, all the datas are
handled through a database, which provides a much more flexible PKI than
with OpenSSL, such as seeking a certificate with a search engine.

Provides

• newpki-server
• config(newpki-server)
• libpublication_file.so.0
• libpublication_ldap.so.0

Requires

• /bin/bash
• /bin/sh
• /bin/sh
• config(newpki-server)
• libc.so.6
• libc.so.6(GLIBC_2.0)
• libc.so.6(GLIBC_2.1)
• libc.so.6(GLIBC_2.1.3)
• libcrypto.so.5
• libgcc_s.so.1
• libgcc_s.so.1(GCC_3.0)
• libldap-2.2.so.7
• libm.so.6
• libmysqlclient.so.14
• libnewpki.so.2
• libpthread.so.0
• libpthread.so.0(GLIBC_2.0)
• libssl.so.5
• libstdc++.so.6
• libstdc++.so.6(CXXABI_1.3)
• libstdc++.so.6(CXXABI_1.3.1)
• libstdc++.so.6(GLIBCXX_3.4)
• libstdc++.so.6(GLIBCXX_3.4.4)
• mysql
• newpki-lib
• openldap >= 2.0.27-8
• openssl
• rpmlib(CompressedFileNames) = 3.0.4-1
• rpmlib(PayloadFilesHavePrefix) = 4.0-1

Copyright

GPL

Signatures

internal MD5: e7bc1659e298dd9cb2668c86aa76ccfc

Changelog

* Sun Oct 09 2005 Frederic Giudicelli <frederic.giudicelli@newpki.org>
  Version 2.0.0-0
  	-Testing the presence of either PTHREAD_MUTEX_RECURSIVE or 
  	either PTHREAD_MUTEX_RECURSIVE_NP in configure script (Xavier Pechoultres).
  	- Greatly improved the configure script.
  	- Corrected bug when requesting the certificate to be sent to the end-user 
  	on a PKCS#10 request.
  	- Added the possibilty to warn a certificate's owner when the certificate 
  	is about to expiry (Erik Anderson).
  	- Created a File publication module.
  	- Added the possibility to restore a CA cert from a PKCS#12.
  	- Added the possibility to view the certificate and CRL extensions from the
  	CA GUI.
  	- Added a "Object/Code Sign" extensions template (Neil Franken).
  	- Validating the extension when manually added.
  	- Changed the Error window, to be able to copy the error message.
  	- When an email failed to be sent it still was removed from the DB.
  	- Added the EE Entity (GUI).
  	- Added the EE Site.
  	- Sanatized the code for handling the asynchronous messages.
  	- Added display filters for the profiles on the RA Admin GUI.
  	- Added "keyEncipherment" to extension "keyUsage" on template "SSL Server"
  	to make certificate work with Firefox/Mozilla (Paul Freeman).
  	- Fixed a bug on date filter in Logs Filter Window (Paul Freeman).
  	- Added display filters in RA GUI.
  	- Changed the inactivity timeout from 5 mins to 1 hour.
  	- Fixed a memleak when handling CSP Private Keys.
  	- Added automatic switch of LDAP Protocol when server doesn't support 
  	current Protocol version (sCrypto).
  	- Corrected a problem with the way the memory was allocated in the 
  	publication modules.
  	- Added the possibility to import a PKCS#12 to a Smart Card from
  	the RA GUI.
  	- Added missing ACL strings.
  	- Fixed bug when deleting a DN entry in RA Conf, the display 
  	wasn't refreshed (Romain BOTTAN).
  	- When deleting a DN Entry in RA Conf, removing its associated DN Policy.
  	- When SMTP server's name fails to be resolved, Entity is still loaded, we
  	retry later to resolve the name (sCrypto).
  	- Now handling CSR's extensions (Brian Gregory).
  	- Now handling certificate suspension (Diego de Felice).
  	- Greatly improved SQL performances by using ReadersWriter access 
  	on connection.
  	- Fixed a nasty Dead-Lock in ReadersWriter.
  	- Fixed a race condition in Entity_RA.
  	- Fixed a race condition in Entity_EE.
  	- Validating the return of most sprintf.
  	- Compiling FileLog.cpp with __USE_LARGEFILE64, 
  	this allows to have a bigger Log file.
  	- Upgraded autoconf (2.59-5), automake (1.9.5-1), gettext (0.14.3-1) 
  	and libtool (1.5.16) compilation scripts.
  	- RPMs are now compiled on FC4.
  	- Upgraded to openssl 0.9.7g (WIN32).
  	- Added a Batch importation feature on the RA.
  	- Fixed a few 64 bit compilation issues on client (Andreas Jochens).
* Tue Jul 27 2004 Frederic Giudicelli <frederic.giudicelli@newpki.org>
  Version 2.0.0-beta4
  	- Removed "Includes/SQL/SQL_CMD.h".
  	- A CA republishes every 12 hours all its certificates, revocation and CRLs.
  	- The repositories are now "purged", meaning when they synchronize they no more
  	send the list all the known requests/responses, which over time would have used
  	way too many resources.
  	- Improved memory usage in PKI_CRL.
  	- Simplified the synchronization code.
  	- The CA now stores the LDAP UID, it allows the publication to be handled a 
  	better way when a certificate is generated/revoked for the CA GUI.
  	- Optimized the repository database.
  	- Fixed a problem in LDAP synchronization, when a RA's DN Spec didn't have
  	a default value, and when the field wasn't present in the LDAP result.
  	- Fixed the problems related to bad translations. (Raphaël Précigout)
  	- Added support for DN access in extensions.
  	ex. subjectAltName=email:<dn>emailAddress:move</dn>.
  	The supported actions are move and copy.
  	- In PKI GUI, disabled "Configure Entity" for entities that had no configuration window.
  	- Moved "Includes/Conf.h" and "Includes/Conf.cpp" to "Server/".
  	- Improved the entities' links verification algorithm. (Wolf)
  	- When creating a PKI User certificate, if the private key is of software kind,
  	it's now generated on server side, and a PKCS#12 is sent back to the user.
  	- Improved the code for PKI Users management on Client Side.
  	- Improved the inter-repositories configuration synchronization algorithm, the number
  	of connections used to be n*(n-1) where n is the number of repositories, now it is much less.
  	- Added the options to specify the path to openssl, in publication_ldap's configure (Paul Freeman).
  	- When the socket server is fully started, It now yields to the rest of the PKI, 
  	that it can start working. There is more stupid waiting.
  	- Fixed a few memory leaks in the repositories.
  	- Improved the synchronization algorithm for a firewalled repository.
  	- Removed the global signature for the profiles.
  	- Improved memory usage in SockServerADMIN.
  	- Improved memory usage in PKI_CSR.
  	- If there is an error reading a certificate from the CA GUI, the faulty certificate
  	is displayed.
  	- Optimized SQL::FormatString and SQL::Value.
  	- Fixed a bug where the new users would never show up in the ACL.
  	- Now using SSL sessions cache, to improve performances.
  	- Improved memory usage in the handling of the protocol, to avoid having a list of objects
  	growing up and never being flushed if the repository is temporarly unavailable.
  	- Greatly improved the use of Mutex in AsynchJobs.
  	- When inserting a profile and the owner is a group, validating that the group exists.
  	- Added the possibility to change a profile's LDAP UID.
  	- Added the possibility to change a profile's Owner.
  	- Added the possibility to change a profile's DN.
  	- Added the possibility to delete a profile and all its associated certificates.
  	- Upgraded to openssl 0.9.7d.
  	- Encapsulated all the ASN1 structures used by NewPKI into classes, this will
  	greatly improve the security of NewPKI, and help the code maintenance.
  	- It's no more possible to send two times a request to a repository.
  	- When an entity fails to load it's now displayed into the Server GUI, which will allow
  	it to be removed if necessary.
  	- It's now possible to load/unload an entity from the Server GUI.
  	- Improved speed of PKI_CERT, datas are only loaded/parsed when they're needed.
  	- Removed a deadlock in ReadersWriter.
  	- Added an internalID to NewpkiRequest, this internalID is set by the requester,
  	the repository verifies that it doesn't already know it, this avoids a requester
  	to send two times the same request.
  	- Rewrote the full synchronization algorithm for repositories, the old one
  	wasn't adapted to a large number of data.
  	- Added the possibility to view from the RA the end-user certificate as a PKCS#7.
  	- Added the possibility to view the CA certificate as a PKCS#7.
  	- Saving the inter-repository objects to DB, instead of using a memory list.
  	- Added automatic database reconnection (Erik Anderson).
  	- Added "-version" option.
* Fri Jan 23 2004 Frederic Giudicelli <frederic.giudicelli@newpki.org>
  Version 2.0.0-beta3.1
  	- Fixed a bug when adding a link between 2 repositories. (Wolf)
* Fri Jan 09 2004 Frederic Giudicelli <frederic.giudicelli@newpki.org>
  Version 2.0.0-beta3
  	- Rewrote the extension syntax parser to allow the use of commas (",") inside it, to have a 
  	comma (",") inside an extension value, you nee to double it (",,").
  	- Added a log entry for certification on CA side.
  	- Added a log entry when receiving a request on CA side.
  	- Fixed a minor bug in links synchronization.
  	- Added the Publication Entity.
  	- Created a LDAP publication module.
  	- Added multilanguage support in GUIs.
  	- Removed old and unused error messages.
  	- Added a real error message when trying to use a CA that hasn't been initialized yet.
  	- Minor improvements of code structure.
  	- Updated to wxWindows 2.4.2.
  	- Certificates that have been revoked from the CA GUI, are now displayed, 
  	back in the RA, as revoked.
  	- LDAP connection is made by the server, the LDAP search in RA is processed by the server,
  	not the client. The LDAP info is blanked when the RA conf is sent to the RA GUI.
  	- Improved memory usage.
  	- Added auto synchronization between LDAP entries and RA profiles.
  	- Added the possibility to send the PKCS#12 password to the end user.
  	- Added the possibility to make the RA randomly generate the PKCS#12 password.
  	- The mails are temporally saved in DB, to make sure they don't get lost if the 
  	server shuts down unexpectedly.
  	- Generally improved the mails handling.
  	- Improved the statistics display.
  	- Added logs export in XML format.
  	- Added the possibility to check logs global integrity.
  	- Added the "Change Password" functionality in the Server GUI.
  	- Compiled against openssl 0.9.7c.
  	- Added some logs, when the responses come back to the RA.
  	- Fixed a bug when setting filters for the visualization of the logs.
  	- Added a "debug" level for logging.
  	- The PKI Admins can now access all the profiles and their certificates, in the RA.
  	- Fixed the bug where the log entry for a user notification email showed up as an
  	administrative email.
  	- Added the possibility to save the entities links picture to a file.
  	- The entities links window can now be as big as desired, the scroll bars expand
  	according to the objects position.
  	- It's now impossible to revoke the last PKI Admin certificate.
  	- Fixed a memory leak in the Server Admin GUI when displaying a context menu.
  	- Added a test in the linux client's "configure" to check for "wx-config".
  	- Added the OCSP responder, inside the publication entity.
  	- Replaced the obsolete Configuration structures to classes.
  	- Fixed a bug in Configuration parser, where the error message
  	wasn't displayed in WIN32.
  	- Fixed a bug when stopping 2 times the server (ex. sending 2 SIGTERM in a row).
  	- Rewrote the thread codes, and improved thread related code's readability.
  	- In the Repository store, the hash for the requests and the responses, get recreated if
  	they have been erased.
  	- It's now possible to send an attachment along with an administrative mail.
  	- Improved the RA Store's code readability.
  	- The RA now sends the requests that were not sent before an unexpected event.
  	- Initialize the OpenSSL MUTEX context, used by internal functions.
  	- Tremendously improved the speed of mString::sprintf.
  	- Improved the mail code.
  	- Removed all occurrences of HashTable_Any.
  	- Transformed PkiClient::THREAD_ERROR into a class.
  	- Optimized the handling of transaction IDs, by making them a maximum length.
  	- The entities are now deleted in another thread.
  	- Fixed a problem with MIME format under Linux.
  	- Introduced the concept of firewalled Repository, meaning that the normal synchronization
  	behavior is modified, normally each repository would connect to each other to send 
  	each other the new PKI Conf and the new Objects. ex. We have RepositoryLAN in the LAN and 
  	RepositoryDMZ in the DMZ, RepositoryDMZ cannot connect to RepositoryLAN due to the LAN firewall,
  	so we declare RepositoryLAN has being firewalled in regard of RepositoryDMZ, which will allow
  	RepositoryLAN to gets the new Objects of RepositoryDMZ, exactly as if RepositoryDMZ did the 
  	synchronization connection itself.
  	- Fixed a few potential MUTEX deadlocks.
* Wed Sep 24 2003 Frederic Giudicelli <frederic.giudicelli@newpki.org>
  Version 2.0.0-beta2
  	- Corrected the bug in the CA GUI.
  	- Corrected a bug in the RA store handler.
  	- Added admin mail notification, when a request gets back to the RA.
  	- Added the possibility to send the certificate/PKCS#12 directly to the user by mail, 
  	  when it gets back to the RA.
  	- Added the "Delete PKCS#12" functionality in the RA GUI.
  	- The certificate can now be imported back to a CSP in the RA GUI.
  	- Corrected a bug in CA when a certificate's DN had an accented letter.
* Wed Sep 24 2003 Frederic Giudicelli <frederic.giudicelli@newpki.org>
  Version 2.0.0-beta1
  	- Added the RA entity.
  	- Corrected some minor bugs.
* Thu Jul 24 2003 Frederic Giudicelli <frederic.giudicelli@newpki.org>
  Version 2.0.0-beta0
  	- Well nothing much to say, NewPKI as be redeveloped.

Files

/etc/init.d/newpki
/etc/newpki
/etc/newpki/config.conf
/etc/newpki/modules
/etc/newpki/modules/libpublication_file.so
/etc/newpki/modules/libpublication_ldap.so
/etc/newpki/newpki.suse
/etc/newpki/publication_file_cert.xml
/etc/newpki/publication_file_crl.xml
/etc/newpki/publication_ldap_cert.xml
/etc/newpki/publication_ldap_crl.xml
/usr/sbin/newpki-server
/usr/share/doc/newpki-server-2.0.0
/usr/share/doc/newpki-server-2.0.0/AUTHORS
/usr/share/doc/newpki-server-2.0.0/COPYING
/usr/share/doc/newpki-server-2.0.0/ChangeLog
/usr/share/doc/newpki-server-2.0.0/NEWS
/usr/share/doc/newpki-server-2.0.0/README
/usr/share/locale/fr/LC_MESSAGES/newpki-server.mo

Generated by rpm2html 1.8.1

Fabrice Bellet, Sun Sep 7 01:27:39 2008