-
Notifications
You must be signed in to change notification settings - Fork 135
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New legacy id generator #4875
base: master
Are you sure you want to change the base?
New legacy id generator #4875
Commits on Oct 17, 2024
-
Add option for decimal range numbers
With legacy serial ID, request and replica ranges are expressed in decimal while serial in hex. However, there is a problem in the hex management which create gaps in the sequences every time a new range is allocated. Since gaps could create problems to third party software it has been introduced a new parameter in CS.cfg to set the same format for all ranges: dbs.numberRangeRadix If this is not present or negative then the current default is adopted and nothing change. If this is set to 10 all the values are handled as decimal and the ranges work properly. If set to different values than 10 (e.g. 16 for hex) the gap problem is still present. This new parameter is not update during the update to avoid creating problem to running instances which do not have problem with range gaps. In case to move the value to 10 and solve the gaps problem then the CS.cfg serial range has to be fixed considering the current value as hex. Also the nextRange in the following DS node has to fixed accordingly: ou=certificateRepository,ou=ca,<prefix>
Configuration menu - View commit details
-
Copy full SHA for 55ab888 - Browse repository at this point
Copy the full SHA 55ab888View commit details -
Configuration menu - View commit details
-
Copy full SHA for 80a5732 - Browse repository at this point
Copy the full SHA 80a5732View commit details -
Make serial range operation in DS not radix dependent
Range information in DS will be stored in decimal format so all the related operation do not need radix to be read.
Configuration menu - View commit details
-
Copy full SHA for c1f27e3 - Browse repository at this point
Copy the full SHA c1f27e3View commit details -
Configuration menu - View commit details
-
Copy full SHA for 0c15cba - Browse repository at this point
Copy the full SHA 0c15cbaView commit details -
Configuration menu - View commit details
-
Copy full SHA for b4c6c3f - Browse repository at this point
Copy the full SHA b4c6c3fView commit details -
Configuration menu - View commit details
-
Copy full SHA for 234a3f5 - Browse repository at this point
Copy the full SHA 234a3f5View commit details -
Add test for newLegacy id generator
The test convert from legacy generator to newLegacy and verify that not gaps are present when new ranges are created
Configuration menu - View commit details
-
Copy full SHA for ba07e30 - Browse repository at this point
Copy the full SHA ba07e30View commit details -
Configuration menu - View commit details
-
Copy full SHA for 7bca87d - Browse repository at this point
Copy the full SHA 7bca87dView commit details -
Add new pki-server ca-range-generator-* commands
This include 2 command: - "show" to get the id generator configured - "update" to change the generator. It is possible to move from legacy to legacy2 and from legacy or legacy2 to random
Configuration menu - View commit details
-
Copy full SHA for 02bb72a - Browse repository at this point
Copy the full SHA 02bb72aView commit details -
Update sequential test to use command for generator update
The generator are updated with the new command: pki-server ca-range-generator-update --type <generator_type> <generator_namne>
Configuration menu - View commit details
-
Copy full SHA for 79e07e7 - Browse repository at this point
Copy the full SHA 79e07e7View commit details
Commits on Oct 18, 2024
-
Split the redix options beteween request and cert
The just introduced option `dbs.numberRangeRadix` has been splitted in: - `dbs.cert.id.radix` - `dbs.request.id.radix` If they are not present the default value of 16 for cert and 10 for request will be used.
Configuration menu - View commit details
-
Copy full SHA for 125b477 - Browse repository at this point
Copy the full SHA 125b477View commit details -
Update all ranges when move from legacy to legacy2
In legacy serial number ranges are stored as hex for cert and decimal for request. The legacy2 is using decimal for all the values stored in DS. The update command is converting stored ranges to decimal to match with the new format and avoid problems.
Configuration menu - View commit details
-
Copy full SHA for e83c163 - Browse repository at this point
Copy the full SHA e83c163View commit details -
Configuration menu - View commit details
-
Copy full SHA for 4fb546b - Browse repository at this point
Copy the full SHA 4fb546bView commit details -
Configuration menu - View commit details
-
Copy full SHA for 26e8c1b - Browse repository at this point
Copy the full SHA 26e8c1bView commit details
Commits on Oct 21, 2024
-
Configuration menu - View commit details
-
Copy full SHA for da9f148 - Browse repository at this point
Copy the full SHA da9f148View commit details