You can subscribe to this list here.
2006 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(9) |
Jun
(40) |
Jul
(45) |
Aug
(35) |
Sep
(28) |
Oct
(12) |
Nov
(43) |
Dec
(36) |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2007 |
Jan
(36) |
Feb
(30) |
Mar
(2) |
Apr
(32) |
May
(12) |
Jun
(33) |
Jul
(17) |
Aug
(15) |
Sep
(3) |
Oct
(23) |
Nov
(11) |
Dec
(6) |
2008 |
Jan
(1) |
Feb
|
Mar
|
Apr
(8) |
May
(1) |
Jun
(5) |
Jul
(15) |
Aug
(5) |
Sep
(2) |
Oct
|
Nov
(4) |
Dec
|
2009 |
Jan
(7) |
Feb
(5) |
Mar
(6) |
Apr
(2) |
May
|
Jun
(5) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(6) |
2010 |
Jan
(2) |
Feb
|
Mar
(5) |
Apr
(15) |
May
|
Jun
|
Jul
|
Aug
(8) |
Sep
|
Oct
(2) |
Nov
(1) |
Dec
|
2011 |
Jan
|
Feb
(2) |
Mar
|
Apr
|
May
(6) |
Jun
|
Jul
(1) |
Aug
(3) |
Sep
(5) |
Oct
|
Nov
(5) |
Dec
(1) |
2012 |
Jan
(6) |
Feb
(20) |
Mar
(49) |
Apr
(31) |
May
(18) |
Jun
(10) |
Jul
(9) |
Aug
(3) |
Sep
|
Oct
(8) |
Nov
|
Dec
(1) |
2013 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
|
Sep
(5) |
Oct
(1) |
Nov
(1) |
Dec
|
2014 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(5) |
Aug
(26) |
Sep
(13) |
Oct
|
Nov
(8) |
Dec
(4) |
2015 |
Jan
|
Feb
(6) |
Mar
(1) |
Apr
(6) |
May
(1) |
Jun
(8) |
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
2017 |
Jan
(2) |
Feb
|
Mar
(1) |
Apr
|
May
|
Jun
|
Jul
|
Aug
(1) |
Sep
|
Oct
|
Nov
(2) |
Dec
|
2018 |
Jan
|
Feb
|
Mar
(3) |
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
(1) |
Nov
|
Dec
(1) |
2019 |
Jan
|
Feb
|
Mar
(2) |
Apr
(2) |
May
(1) |
Jun
|
Jul
|
Aug
(1) |
Sep
(1) |
Oct
(4) |
Nov
(4) |
Dec
(1) |
2020 |
Jan
|
Feb
(1) |
Mar
(1) |
Apr
(1) |
May
(2) |
Jun
|
Jul
(1) |
Aug
|
Sep
|
Oct
(1) |
Nov
(1) |
Dec
|
2021 |
Jan
|
Feb
|
Mar
(8) |
Apr
(6) |
May
(4) |
Jun
(3) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2022 |
Jan
|
Feb
|
Mar
(5) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2023 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(8) |
Jul
(1) |
Aug
(1) |
Sep
(3) |
Oct
|
Nov
|
Dec
|
From: Sergei V. <svy...@gm...> - 2023-09-19 10:05:41
|
Hi, Ver. 1.52 still has the same problem: t/01-proxy-proc-safeexec.t ...... 7/23 # Looks like you planned 23 tests but ran 24. Looks like it is fixed in develop branch, but not in 1.52 release. Regards, Sergei On 14 Sep 23 Thu 13:52, Oliver Welter wrote: > Hello Sergei, > > thanks for reporting, the issue is already fixed on github and Scott > is creating a new CPAN release today. > > Oliver > > On 14.09.23 00:38, Sergei Vyshenski wrote: >> Hi Oliver, >> Seems that test number count needs an increment. >> Regards, Sergei >> --- >> t/01-proxy-proc-safeexec.t | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/t/01-proxy-proc-safeexec.t b/t/01-proxy-proc-safeexec.t >> index e1c76c6..d514f8b 100644 >> --- a/t/01-proxy-proc-safeexec.t >> +++ b/t/01-proxy-proc-safeexec.t >> @@ -6,7 +6,7 @@ use warnings; >> use English; >> use Syntax::Keyword::Try; >> >> -use Test::More tests => 23; >> +use Test::More tests => 24; >> >> use Log::Log4perl; >> Log::Log4perl->easy_init( { level => 'ERROR' } ); >> >> >> _______________________________________________ >> OpenXPKI-devel mailing list >> Ope...@li... >> https://lists.sourceforge.net/lists/listinfo/openxpki-devel > |
From: Oliver W. <ma...@ol...> - 2023-09-14 10:52:14
|
Hello Sergei, thanks for reporting, the issue is already fixed on github and Scott is creating a new CPAN release today. Oliver On 14.09.23 00:38, Sergei Vyshenski wrote: > Hi Oliver, > Seems that test number count needs an increment. > Regards, Sergei > --- > t/01-proxy-proc-safeexec.t | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/t/01-proxy-proc-safeexec.t b/t/01-proxy-proc-safeexec.t > index e1c76c6..d514f8b 100644 > --- a/t/01-proxy-proc-safeexec.t > +++ b/t/01-proxy-proc-safeexec.t > @@ -6,7 +6,7 @@ use warnings; > use English; > use Syntax::Keyword::Try; > > -use Test::More tests => 23; > +use Test::More tests => 24; > > use Log::Log4perl; > Log::Log4perl->easy_init( { level => 'ERROR' } ); > > > _______________________________________________ > OpenXPKI-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openxpki-devel -- Protect your environment - close windows and adopt a penguin! |
From: Sergei V. <svy...@gm...> - 2023-09-13 22:38:36
|
Hi Oliver, Seems that test number count needs an increment. Regards, Sergei --- t/01-proxy-proc-safeexec.t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/t/01-proxy-proc-safeexec.t b/t/01-proxy-proc-safeexec.t index e1c76c6..d514f8b 100644 --- a/t/01-proxy-proc-safeexec.t +++ b/t/01-proxy-proc-safeexec.t @@ -6,7 +6,7 @@ use warnings; use English; use Syntax::Keyword::Try; -use Test::More tests => 23; +use Test::More tests => 24; use Log::Log4perl; Log::Log4perl->easy_init( { level => 'ERROR' } ); |
From: Oliver W. <ma...@ol...> - 2023-08-23 07:48:31
|
Dear OpenXPKI Fellows, I am happy to announce the availabilty of the next OpenXPKI release v3.26 with some interessting new features and several bugfixes. Please note that the provided packages are now for Debian 12 (bookworm)! Updated keys, source lists etc can be found on RTD as usual: https://openxpki.readthedocs.io/en/latest/quickstart.html There will be no more releases made for Buster so please upgrade your installations! Inplace Upgrade should work, if you want to migrate to a new machine, moving your database and the /etc/openxpki folder should work for most installations. New Features + Support PSS padding when signing certificates and CRLs + New parameter keep_expire in crl profile to control content of CRL + Browser for Datapool items (EE only) + Support JSON Web Signature in RPC Wrapper Upgrades, Improvements and Bugfixes + Certificate profile fields (profile.template.*.yaml) now support the same attributes as workflow fields + Fix broken server response if custom translation strings contain special characters + Visual improvements of UI form fields (label hyphenation, continuation dots, sizing) + Breadcrumbs on most pages make it possible to see the latest actions at a glance + Popups now provide a Back button on follow-up popup pages + Auto-generated realm selection page + Debian packaging is now on Debian 12 "Bookworm" Removals, Deprecations, Breaking Changes + Remove API command "get_cert_subject_styles" + Remove unused method OpenXPKI::Client::UI::Result::__register_wf_token_initial() + Remove openxpkictl option --foreground (use --no-detach instead) + Parameters validity, reason_code, remove_expired to IssueCRL are deprecated and will be removed with next release + Default behaviour of IssueCRL does now exclude expired certificates (compliant to RFC5280) + Code of the old SCEP layers has been removed (SCEP and LibSCEP) + Usage of PKCS7 wrapped JSON in RPC layer now requires explicit activation in wrapper config + x509 based auth handlers do no longer accept the default_role parameter, role must be used instead + Legacy format spec including mime type for download fields is no longer supported (format: download/mime/type) In case of any questions or comments please use the mailing list ;) best regards Oliver and the rest of the OpenXPKI team -- Protect your environment - close windows and adopt a penguin! |
From: Oliver W. <ow...@wh...> - 2023-07-18 08:13:06
|
Dear OpenXPKI Fellows, we want to inform you about two vulnerabilities in OpenXPKI that might be used to run a cross-sites-scripting attack. Details on the problems can be found in the attached documents. Please note that you need to update code AND configuration! An updated package v3.24.5 is available on the package servers, a minimal fix for the issue was added to the config repository. Please note that our siging key expied recently and was replaced with a new one: gpg --print-md sha256 Release.key (Updated 2023-06-21) F88C6BFC 07ACE167 9399CDE5 21BD9148 4F9DA3EB B38E1BFC DA670B1C C96EB501 best regards Oliver -- White Rabbit Security GmbH, Werner-Heisenberg-Str. 8, 85254 Sulzemoos Contact: +49 8135 314 000-0, of...@wh... Director: Martin Bartosch, Scott T. Hardin, Dr. Oliver Welter |
From: Sergei V. <svy...@gm...> - 2023-06-20 17:53:44
|
Hi Oliver, It is a nice surprise for me that tests are working on linux. Then it should be my responsibility to force them into working condition on freebsd. Let me have a thorough check before disturbing you any further. Regards, Sergei On 6/20/2023 4:00 PM, Oliver Welter wrote: > Hello Sergei, > > the tests are working on our linux dev environment so please share the > logs so we might be able to get this working. > > best regards > > Oliver > > On 08.06.23 00:36, Sergei Vyshenski wrote: >> Thank you, Oliver. >> >> Correct. With that patched Makefile.PL the package builds and >> installs just fine at FreeBSD-13.2 with OpenSSL-3.1.1. >> >> This bring us to the second question. >> What about plans to fix perl tests of the openxpki project? >> Today "make test" says: >> Result: FAIL >> Failed 24/96 test programs. 2/1797 subtests failed. >> >> Want to see a log of tests? >> >> Regards, Sergei >> >> On 6/7/2023 4:26 PM, Oliver Welter wrote: >>> Hi Sergei, >>> >>> this check is a leftover from the times we had a binding so I guess >>> if you just remove this section then the packages should build. >>> >>> Oliver >>> >>> On 07.06.23 00:14, Sergei Vyshenski wrote: >>>> >>>> Sorry for the noise. This log just show break because the present >>>> version of the openxpki package explicitly requires opnessl-1. >>>> >>>> ================== >>>> Hi Oliver, >>>> >>>> Maybe you can see something useful from the build log at >>>> FreeBSD-14-beta (aka Current) and openssl-3: >>>> >>>> https://pkg-status.freebsd.org/gohan05/data/mainamd64openssl3-default/2023-06-05_08h50m07s/logs/errors/p5-openxpki-3.24.1.log >>>> >>>> >>>> Regards, Sergei >>>> >>>> On 6/7/2023 12:53 AM, Oliver Welter wrote: >>>>> Hello Sergei, >>>>> >>>>> we have not done any tests by now but as the CLI interface for the >>>>> relevant calls should not have changed with OpenSSL 3 and we got >>>>> rid of the binary bindings in the core project, it SHOULD not be a >>>>> problem to run OpenXPKI with OpenSSL 3. As we make extensive use >>>>> of the perl CryptX and other libraries which bind to OpenSSL, I >>>>> hope those have adapted the changes in the meantime. >>>>> >>>>> As we have Debian 12 support on the list for the second half of >>>>> the year which also comes with OpenSSL 3 we will see very soon if >>>>> this assumption holds. >>>>> >>>>> best regards >>>>> >>>>> Oliver >>>>> >>>>> On 06.06.23 23:22, Sergei Vyshenski wrote: >>>>>> Hi, >>>>>> >>>>>> Could you please shed some light about plans for support of >>>>>> openssl-3 ? >>>>>> >>>>>> Asking because this summer we expect a new stable release >>>>>> FreeBSD-14, which has openssl-3 in base system. >>>>>> After that using of openssl-1 at FreeBSD becomes a problem, if >>>>>> possible at all. >>>>>> At the moment I am trying to persuade FreeBSD seniors to make >>>>>> some excuses for oepnssl-1, but they rarely hear pleas about >>>>>> keeping old libraries. >>>>>> >>>>>> Regards, Sergei >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> OpenXPKI-devel mailing list >>>>>> Ope...@li... >>>>>> https://lists.sourceforge.net/lists/listinfo/openxpki-devel >>>>>> >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> OpenXPKI-devel mailing list >>>> Ope...@li... >>>> https://lists.sourceforge.net/lists/listinfo/openxpki-devel >>>> >> >> >> >> _______________________________________________ >> OpenXPKI-devel mailing list >> Ope...@li... >> https://lists.sourceforge.net/lists/listinfo/openxpki-devel >> |
From: Oliver W. <ma...@ol...> - 2023-06-20 13:00:38
|
Hello Sergei, the tests are working on our linux dev environment so please share the logs so we might be able to get this working. best regards Oliver On 08.06.23 00:36, Sergei Vyshenski wrote: > Thank you, Oliver. > > Correct. With that patched Makefile.PL the package builds and installs > just fine at FreeBSD-13.2 with OpenSSL-3.1.1. > > This bring us to the second question. > What about plans to fix perl tests of the openxpki project? > Today "make test" says: > Result: FAIL > Failed 24/96 test programs. 2/1797 subtests failed. > > Want to see a log of tests? > > Regards, Sergei > > On 6/7/2023 4:26 PM, Oliver Welter wrote: >> Hi Sergei, >> >> this check is a leftover from the times we had a binding so I guess >> if you just remove this section then the packages should build. >> >> Oliver >> >> On 07.06.23 00:14, Sergei Vyshenski wrote: >>> >>> Sorry for the noise. This log just show break because the present >>> version of the openxpki package explicitly requires opnessl-1. >>> >>> ================== >>> Hi Oliver, >>> >>> Maybe you can see something useful from the build log at >>> FreeBSD-14-beta (aka Current) and openssl-3: >>> >>> https://pkg-status.freebsd.org/gohan05/data/mainamd64openssl3-default/2023-06-05_08h50m07s/logs/errors/p5-openxpki-3.24.1.log >>> >>> >>> Regards, Sergei >>> >>> On 6/7/2023 12:53 AM, Oliver Welter wrote: >>>> Hello Sergei, >>>> >>>> we have not done any tests by now but as the CLI interface for the >>>> relevant calls should not have changed with OpenSSL 3 and we got >>>> rid of the binary bindings in the core project, it SHOULD not be a >>>> problem to run OpenXPKI with OpenSSL 3. As we make extensive use of >>>> the perl CryptX and other libraries which bind to OpenSSL, I hope >>>> those have adapted the changes in the meantime. >>>> >>>> As we have Debian 12 support on the list for the second half of the >>>> year which also comes with OpenSSL 3 we will see very soon if this >>>> assumption holds. >>>> >>>> best regards >>>> >>>> Oliver >>>> >>>> On 06.06.23 23:22, Sergei Vyshenski wrote: >>>>> Hi, >>>>> >>>>> Could you please shed some light about plans for support of >>>>> openssl-3 ? >>>>> >>>>> Asking because this summer we expect a new stable release >>>>> FreeBSD-14, which has openssl-3 in base system. >>>>> After that using of openssl-1 at FreeBSD becomes a problem, if >>>>> possible at all. >>>>> At the moment I am trying to persuade FreeBSD seniors to make some >>>>> excuses for oepnssl-1, but they rarely hear pleas about keeping >>>>> old libraries. >>>>> >>>>> Regards, Sergei >>>>> >>>>> >>>>> _______________________________________________ >>>>> OpenXPKI-devel mailing list >>>>> Ope...@li... >>>>> https://lists.sourceforge.net/lists/listinfo/openxpki-devel >>>>> >>> >>> >>> >>> >>> _______________________________________________ >>> OpenXPKI-devel mailing list >>> Ope...@li... >>> https://lists.sourceforge.net/lists/listinfo/openxpki-devel >>> > > > > _______________________________________________ > OpenXPKI-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openxpki-devel > -- Protect your environment - close windows and adopt a penguin! |
From: Sergei V. <svy...@gm...> - 2023-06-07 22:36:47
|
Thank you, Oliver. Correct. With that patched Makefile.PL the package builds and installs just fine at FreeBSD-13.2 with OpenSSL-3.1.1. This bring us to the second question. What about plans to fix perl tests of the openxpki project? Today "make test" says: Result: FAIL Failed 24/96 test programs. 2/1797 subtests failed. Want to see a log of tests? Regards, Sergei On 6/7/2023 4:26 PM, Oliver Welter wrote: > Hi Sergei, > > this check is a leftover from the times we had a binding so I guess if > you just remove this section then the packages should build. > > Oliver > > On 07.06.23 00:14, Sergei Vyshenski wrote: >> >> Sorry for the noise. This log just show break because the present >> version of the openxpki package explicitly requires opnessl-1. >> >> ================== >> Hi Oliver, >> >> Maybe you can see something useful from the build log at >> FreeBSD-14-beta (aka Current) and openssl-3: >> >> https://pkg-status.freebsd.org/gohan05/data/mainamd64openssl3-default/2023-06-05_08h50m07s/logs/errors/p5-openxpki-3.24.1.log >> >> >> Regards, Sergei >> >> On 6/7/2023 12:53 AM, Oliver Welter wrote: >>> Hello Sergei, >>> >>> we have not done any tests by now but as the CLI interface for the >>> relevant calls should not have changed with OpenSSL 3 and we got rid >>> of the binary bindings in the core project, it SHOULD not be a >>> problem to run OpenXPKI with OpenSSL 3. As we make extensive use of >>> the perl CryptX and other libraries which bind to OpenSSL, I hope >>> those have adapted the changes in the meantime. >>> >>> As we have Debian 12 support on the list for the second half of the >>> year which also comes with OpenSSL 3 we will see very soon if this >>> assumption holds. >>> >>> best regards >>> >>> Oliver >>> >>> On 06.06.23 23:22, Sergei Vyshenski wrote: >>>> Hi, >>>> >>>> Could you please shed some light about plans for support of >>>> openssl-3 ? >>>> >>>> Asking because this summer we expect a new stable release >>>> FreeBSD-14, which has openssl-3 in base system. >>>> After that using of openssl-1 at FreeBSD becomes a problem, if >>>> possible at all. >>>> At the moment I am trying to persuade FreeBSD seniors to make some >>>> excuses for oepnssl-1, but they rarely hear pleas about keeping old >>>> libraries. >>>> >>>> Regards, Sergei >>>> >>>> >>>> _______________________________________________ >>>> OpenXPKI-devel mailing list >>>> Ope...@li... >>>> https://lists.sourceforge.net/lists/listinfo/openxpki-devel >>>> >> >> >> >> >> _______________________________________________ >> OpenXPKI-devel mailing list >> Ope...@li... >> https://lists.sourceforge.net/lists/listinfo/openxpki-devel >> |
From: Oliver W. <ma...@ol...> - 2023-06-07 13:27:06
|
Hi Sergei, this check is a leftover from the times we had a binding so I guess if you just remove this section then the packages should build. Oliver On 07.06.23 00:14, Sergei Vyshenski wrote: > > Sorry for the noise. This log just show break because the present > version of the openxpki package explicitly requires opnessl-1. > > ================== > Hi Oliver, > > Maybe you can see something useful from the build log at > FreeBSD-14-beta (aka Current) and openssl-3: > > https://pkg-status.freebsd.org/gohan05/data/mainamd64openssl3-default/2023-06-05_08h50m07s/logs/errors/p5-openxpki-3.24.1.log > > > Regards, Sergei > > On 6/7/2023 12:53 AM, Oliver Welter wrote: >> Hello Sergei, >> >> we have not done any tests by now but as the CLI interface for the >> relevant calls should not have changed with OpenSSL 3 and we got rid >> of the binary bindings in the core project, it SHOULD not be a >> problem to run OpenXPKI with OpenSSL 3. As we make extensive use of >> the perl CryptX and other libraries which bind to OpenSSL, I hope >> those have adapted the changes in the meantime. >> >> As we have Debian 12 support on the list for the second half of the >> year which also comes with OpenSSL 3 we will see very soon if this >> assumption holds. >> >> best regards >> >> Oliver >> >> On 06.06.23 23:22, Sergei Vyshenski wrote: >>> Hi, >>> >>> Could you please shed some light about plans for support of openssl-3 ? >>> >>> Asking because this summer we expect a new stable release >>> FreeBSD-14, which has openssl-3 in base system. >>> After that using of openssl-1 at FreeBSD becomes a problem, if >>> possible at all. >>> At the moment I am trying to persuade FreeBSD seniors to make some >>> excuses for oepnssl-1, but they rarely hear pleas about keeping old >>> libraries. >>> >>> Regards, Sergei >>> >>> >>> _______________________________________________ >>> OpenXPKI-devel mailing list >>> Ope...@li... >>> https://lists.sourceforge.net/lists/listinfo/openxpki-devel >>> > > > > > _______________________________________________ > OpenXPKI-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openxpki-devel > -- Protect your environment - close windows and adopt a penguin! |
From: Sergei V. <svy...@gm...> - 2023-06-06 22:14:35
|
Sorry for the noise. This log just show break because the present version of the openxpki package explicitly requires opnessl-1. ================== Hi Oliver, Maybe you can see something useful from the build log at FreeBSD-14-beta (aka Current) and openssl-3: https://pkg-status.freebsd.org/gohan05/data/mainamd64openssl3-default/2023-06-05_08h50m07s/logs/errors/p5-openxpki-3.24.1.log Regards, Sergei On 6/7/2023 12:53 AM, Oliver Welter wrote: > Hello Sergei, > > we have not done any tests by now but as the CLI interface for the > relevant calls should not have changed with OpenSSL 3 and we got rid > of the binary bindings in the core project, it SHOULD not be a problem > to run OpenXPKI with OpenSSL 3. As we make extensive use of the perl > CryptX and other libraries which bind to OpenSSL, I hope those have > adapted the changes in the meantime. > > As we have Debian 12 support on the list for the second half of the > year which also comes with OpenSSL 3 we will see very soon if this > assumption holds. > > best regards > > Oliver > > On 06.06.23 23:22, Sergei Vyshenski wrote: >> Hi, >> >> Could you please shed some light about plans for support of openssl-3 ? >> >> Asking because this summer we expect a new stable release FreeBSD-14, >> which has openssl-3 in base system. >> After that using of openssl-1 at FreeBSD becomes a problem, if >> possible at all. >> At the moment I am trying to persuade FreeBSD seniors to make some >> excuses for oepnssl-1, but they rarely hear pleas about keeping old >> libraries. >> >> Regards, Sergei >> >> >> _______________________________________________ >> OpenXPKI-devel mailing list >> Ope...@li... >> https://lists.sourceforge.net/lists/listinfo/openxpki-devel >> |
From: Sergei V. <svy...@gm...> - 2023-06-06 22:09:01
|
Hi Oliver, Maybe you can see something useful from the build log at FreeBSD-14-beta (aka Current) and openssl-3: https://pkg-status.freebsd.org/gohan05/data/mainamd64openssl3-default/2023-06-05_08h50m07s/logs/errors/p5-openxpki-3.24.1.log Regards, Sergei On 6/7/2023 12:53 AM, Oliver Welter wrote: > Hello Sergei, > > we have not done any tests by now but as the CLI interface for the > relevant calls should not have changed with OpenSSL 3 and we got rid > of the binary bindings in the core project, it SHOULD not be a problem > to run OpenXPKI with OpenSSL 3. As we make extensive use of the perl > CryptX and other libraries which bind to OpenSSL, I hope those have > adapted the changes in the meantime. > > As we have Debian 12 support on the list for the second half of the > year which also comes with OpenSSL 3 we will see very soon if this > assumption holds. > > best regards > > Oliver > > On 06.06.23 23:22, Sergei Vyshenski wrote: >> Hi, >> >> Could you please shed some light about plans for support of openssl-3 ? >> >> Asking because this summer we expect a new stable release FreeBSD-14, >> which has openssl-3 in base system. >> After that using of openssl-1 at FreeBSD becomes a problem, if >> possible at all. >> At the moment I am trying to persuade FreeBSD seniors to make some >> excuses for oepnssl-1, but they rarely hear pleas about keeping old >> libraries. >> >> Regards, Sergei >> >> >> _______________________________________________ >> OpenXPKI-devel mailing list >> Ope...@li... >> https://lists.sourceforge.net/lists/listinfo/openxpki-devel >> |
From: Oliver W. <ma...@ol...> - 2023-06-06 21:53:57
|
Hello Sergei, we have not done any tests by now but as the CLI interface for the relevant calls should not have changed with OpenSSL 3 and we got rid of the binary bindings in the core project, it SHOULD not be a problem to run OpenXPKI with OpenSSL 3. As we make extensive use of the perl CryptX and other libraries which bind to OpenSSL, I hope those have adapted the changes in the meantime. As we have Debian 12 support on the list for the second half of the year which also comes with OpenSSL 3 we will see very soon if this assumption holds. best regards Oliver On 06.06.23 23:22, Sergei Vyshenski wrote: > Hi, > > Could you please shed some light about plans for support of openssl-3 ? > > Asking because this summer we expect a new stable release FreeBSD-14, > which has openssl-3 in base system. > After that using of openssl-1 at FreeBSD becomes a problem, if > possible at all. > At the moment I am trying to persuade FreeBSD seniors to make some > excuses for oepnssl-1, but they rarely hear pleas about keeping old > libraries. > > Regards, Sergei > > > _______________________________________________ > OpenXPKI-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openxpki-devel > -- Protect your environment - close windows and adopt a penguin! |
From: Sergei V. <svy...@gm...> - 2023-06-06 21:22:26
|
Hi, Could you please shed some light about plans for support of openssl-3 ? Asking because this summer we expect a new stable release FreeBSD-14, which has openssl-3 in base system. After that using of openssl-1 at FreeBSD becomes a problem, if possible at all. At the moment I am trying to persuade FreeBSD seniors to make some excuses for oepnssl-1, but they rarely hear pleas about keeping old libraries. Regards, Sergei |
From: Scott T. <sco...@ya...> - 2022-03-30 16:14:29
|
yes i went through the link. It helps but can you please guide me the exact procedure to store RSA key on YubiHSM which can be easily accessed by OpenXPKI? On Wednesday, 30 March 2022, 07:07:04 pm GMT+5, Martin Bartosch <vc...@cy...> wrote: > Can you please share the YubiHSM configuration to generate or import RSA key along with the configuration of OpenXPKI to access RSA key from YubiHSM? https://www.mail-archive.com/ope...@li.../msg00656.html |
From: Martin B. <vc...@cy...> - 2022-03-30 14:07:15
|
> Can you please share the YubiHSM configuration to generate or import RSA key along with the configuration of OpenXPKI to access RSA key from YubiHSM? https://www.mail-archive.com/ope...@li.../msg00656.html |
From: Scott T. <sco...@ya...> - 2022-03-30 13:50:43
|
Hi. Saw the reply on https://www.mail-archive.com/ope...@li.../msg00654.html Can you please share the YubiHSM configuration to generate or import RSA key along with the configuration of OpenXPKI to access RSA key from YubiHSM? RegardsScott Thomas On Thursday, 17 March 2022, 12:00:07 pm GMT+5, Martin Bartosch <vc...@cy...> wrote: >> > Yubico YubiHSM2 is a FIPS 140-2 Level 3 HSM. It provides PKCS#11 API version 2.40 and full access to device capabilities through Yubico’s YubiHSM Core Libraries (C, Python) >> > >> > Does OpenXPKI or CLCA support integration with Yubico YubiHSM 2 for the generation and storage of CA and SubCA keys? >> >> >> both OpenXPKI and clca can use HSM protected keys via the PKCS#11 API. > > > Good to hear this. Can you please share the OpenXPKI configuration to store the CA key on YubiHSM? https://openxpki.readthedocs.io/en/latest/reference/configuration/realm.html#token-setup |
From: Martin B. <vc...@cy...> - 2022-03-17 07:00:52
|
>> > Yubico YubiHSM2 is a FIPS 140-2 Level 3 HSM. It provides PKCS#11 API version 2.40 and full access to device capabilities through Yubico’s YubiHSM Core Libraries (C, Python) >> > >> > Does OpenXPKI or CLCA support integration with Yubico YubiHSM 2 for the generation and storage of CA and SubCA keys? >> >> >> both OpenXPKI and clca can use HSM protected keys via the PKCS#11 API. > > > Good to hear this. Can you please share the OpenXPKI configuration to store the CA key on YubiHSM? https://openxpki.readthedocs.io/en/latest/reference/configuration/realm.html#token-setup |
From: Scott T. <sco...@ya...> - 2022-03-17 05:16:42
|
Good to hear this. Can you please share the OpenXPKI configuration to store the CA key on YubiHSM? RegardsScott Thomas On Monday, 14 June 2021, 01:09:09 pm GMT+5, Martin Bartosch <vc...@cy...> wrote: Hi, > Yubico YubiHSM2 is a FIPS 140-2 Level 3 HSM. It provides PKCS#11 API version 2.40 and full access to device capabilities through Yubico’s YubiHSM Core Libraries (C, Python) > > Does OpenXPKI or CLCA support integration with Yubico YubiHSM 2 for the generation and storage of CA and SubCA keys? both OpenXPKI and clca can use HSM protected keys via the PKCS#11 API. Cheers Martin |
From: Oliver W. <ma...@ol...> - 2021-06-14 08:09:49
|
Both products can use PKCS#11 - so yes it is supported and we already had a PoC installation based on YubiHSM for a demo presentation. Am 14.06.21 um 10:03 schrieb Scott Thomas via OpenXPKI-devel: > Bonjour Developers, > > Yubico YubiHSM2 is a FIPS 140-2 Level 3 HSM. It provides PKCS#11 API > version 2.40 and full access to device capabilities through Yubico’s > YubiHSM Core Libraries (C, Python) > > Does OpenXPKI or CLCA support integration with Yubico YubiHSM 2 for > the generation and storage of CA and SubCA keys? > > Regards > Scott Thomas > > > _______________________________________________ > OpenXPKI-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openxpki-devel -- Protect your environment - close windows and adopt a penguin! |
From: Martin B. <vc...@cy...> - 2021-06-14 08:09:27
|
Hi, > Yubico YubiHSM2 is a FIPS 140-2 Level 3 HSM. It provides PKCS#11 API version 2.40 and full access to device capabilities through Yubico’s YubiHSM Core Libraries (C, Python) > > Does OpenXPKI or CLCA support integration with Yubico YubiHSM 2 for the generation and storage of CA and SubCA keys? both OpenXPKI and clca can use HSM protected keys via the PKCS#11 API. Cheers Martin |
From: Scott T. <sco...@ya...> - 2021-06-14 08:03:57
|
Bonjour Developers, Yubico YubiHSM2 is a FIPS 140-2 Level 3 HSM. It provides PKCS#11 API version 2.40 and full access to device capabilities through Yubico’sYubiHSM Core Libraries (C, Python) Does OpenXPKI or CLCA support integration with Yubico YubiHSM 2 for the generation and storage of CA and SubCA keys? RegardsScott Thomas |
From: Oliver W. <ma...@ol...> - 2021-05-20 06:41:44
|
Yes and the answer is already on the ML: https://sourceforge.net/p/openxpki/mailman/message/37276620/ Option 3: Our company sells a Tool called CertNanny that can be used to automate certificate request from Windows, Linux and Mac clients so you can easily write a batch job with it, in case you are interessted contact me via PM. Am 20.05.21 um 04:28 schrieb Scott Thomas via OpenXPKI-devel: > Is there any support on this feature? > > On Thursday, 6 May 2021, 09:03:54 am GMT+5, Node Developer via > OpenXPKI-devel <ope...@li...> wrote: > > > Dear Developers, > > Is there any option in OpenXPKI to automate the certificate request > process from some data source for example i have a database of my > company employees. I want the Request fields to be popped up with the > data from DB to avoid manual data entry mistakes. > Is it possible in OpenXPKI or through any other feature like bulk > certificate requests? > > Regards > _______________________________________________ > OpenXPKI-devel mailing list > Ope...@li... > <mailto:Ope...@li...> > https://lists.sourceforge.net/lists/listinfo/openxpki-devel > <https://lists.sourceforge.net/lists/listinfo/openxpki-devel> > > > _______________________________________________ > OpenXPKI-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openxpki-devel -- Protect your environment - close windows and adopt a penguin! |
From: Scott T. <sco...@ya...> - 2021-05-20 02:28:22
|
Is there any support on this feature? On Thursday, 6 May 2021, 09:03:54 am GMT+5, Node Developer via OpenXPKI-devel <ope...@li...> wrote: Dear Developers, Is there any option in OpenXPKI to automate the certificate request process from some data source for example i have a database of my company employees. I want the Request fields to be popped up with the data from DB to avoid manual data entry mistakes.Is it possible in OpenXPKI or through any other feature like bulk certificate requests? Regards_______________________________________________ OpenXPKI-devel mailing list Ope...@li... https://lists.sourceforge.net/lists/listinfo/openxpki-devel |
From: Oliver W. <ma...@ol...> - 2021-05-06 11:41:49
|
Hi, if the users will request the certificates themselves and you have a login system like LDAP or SAML you can import the users information into the login session and use this information to populate the fields. If you want a third party to request the certificates based on the information you need to adjust the CSR workflow to load the information from the database based on any former user input. You should be able to use the "Connector" pattern for this and use OpenXPKI::Server::Workflow::Activity::Tools::Connector::GetValue to load the data into the workflow. The other alternative would be to create a custom workflow that receives this data from another process and creates the certificates from it. You will find pointers to all approaches on readthedocs and in the sample configurations. best regards Oliver Am 06.05.21 um 06:03 schrieb Node Developer via OpenXPKI-devel: > Dear Developers, > > Is there any option in OpenXPKI to automate the certificate request > process from some data source for example i have a database of my > company employees. I want the Request fields to be popped up with the > data from DB to avoid manual data entry mistakes. > Is it possible in OpenXPKI or through any other feature like bulk > certificate requests? > > Regards > > > _______________________________________________ > OpenXPKI-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openxpki-devel -- Protect your environment - close windows and adopt a penguin! |
From: Node D. <nod...@ya...> - 2021-05-06 04:03:46
|
Dear Developers, Is there any option in OpenXPKI to automate the certificate request process from some data source for example i have a database of my company employees. I want the Request fields to be popped up with the data from DB to avoid manual data entry mistakes.Is it possible in OpenXPKI or through any other feature like bulk certificate requests? Regards |