Age | Commit message (Collapse) | Author | Files | Lines |
|
Nan Zhou (1):
remove year 2038 check
Change-Id: I762f5294dddcd9b499975492e870cea30d129e25
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
Patrick Williams (4):
certificate: openssl3: switch to EVP_PKEY_eq
certs_manager: switch keygen to support openssl-3
build: remove autotools
build: rename config.h source
Change-Id: I34db8c34c8ff3acabcaf5550d35f35c9c76452f4
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I00f31a008d909d78f1ebd0497f329087ef457dc5
|
|
Patrick Williams (1):
build: add meson support
Change-Id: I7b1ce2bd642dcf19dd4a8bf72e53cb12a49e5ea0
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
Nan Zhou (1):
allow X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
Change-Id: If490efcdd55badc85e769e67e1e91ef5336e96ee
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
Patrick Williams (1):
certificate: fix memory leak
Change-Id: I3b7c75ca10667647c07fe21c90b40c9d408c8e63
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
Patrick Williams (3):
certificate: reduce nested sdbusplus::object inheritence
fix unused parameter warnings
watch: fix uninitialized variable
Change-Id: I5bcfcaab8bf79f238a1c76cf158090c9a68318df
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
Manojkiran Eda (1):
Add OWNERS file
Change-Id: I8affa79f6c17d0eda23c960807c2c2ac0e0eec45
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
Patrick Williams (2):
configure: simpify dbus policy install dir
catch exceptions as const
Update FILES and DEPENDS per 'simplify dbus policy' needs.
Change-Id: Ic8d573eac341b34bc5f55e7c12dc737095a9f5f2
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
|
|
The recipe has collected a bunch of needless FILES settings. Simplify
to the current minimum required set.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I0da538e22ea5d1284f32bd2d2c22bcb61db39bd1
|
|
Patrick Williams (2):
cleanup sdbus CAMELCASE define
exception: switch to public sdbus exception
Change-Id: I50ce5f897768dc068876bc45fe1c5730945a6d9e
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
This change required as a part of privilege separation work:
https://github.com/openbmc/openbmc/issues/3383
This change should be merged after individual repo change:
https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-user-manager/+/42633
Signed-off-by: Anton D. Kachalov <gmouse@google.com>
Change-Id: I3d68a3cb27f822b05027ef07a89e6c65f6859178
|
|
This change is a part of the privilege seperation work
which is tracked in:
https://github.com/openbmc/openbmc/issues/3383
This change should be merged after individual repo change:
https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-certificate-manager/+/41166
Signed-off-by: Anton D. Kachalov <gmouse@google.com>
Change-Id: I72e4842e7aa6de2ae4bcbdbf00953b7a79a0f414
|
|
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I588025b614416c43aa2d053765ab53bacf890cb5
|
|
We don't yet use ptest so we are wasting cycles building tests
Change-Id: I4be55f6dd11bebf9f2556f35e8fa61d19bd953b2
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Nidhin MS (1):
Verify that certificate is loadable in SSL context
Change-Id: Ib847dd79cd341dffa4fcf99243744bde2085acc2
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
Jayanth Othayoth (1):
Add fix for Missing "OU" OrganizationalUnit CSR
Change-Id: I6cae0e80e88bf1057e9ce87c92a956eb90855637
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
Patrick Williams (3):
use new sdbus++ camelcase for CSR.
MAINTAINERS: update for Ed
MAINTAINERS: update for Deepak
Change-Id: I3b3ba3e96bff657aeb2e159ad73f4aa22e4fcda2
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
Ravi Teja (2):
CA Certs: Modify object entry path to fix object sub-tree hierarchy
CA Cert: Fix D-bus object path
Change-Id: Ic4e436a9d53a070f0d77e8385b59ccee72ce21bc
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
William A. Kennington III (1):
watch: IWYU
Change-Id: I0df223b5567d8f8e636f5725a3b8782ca6c4a5a2
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
Ramesh Iyyar (1):
genCSR: Fix to catch InvalidArgument exception
(From meta-phosphor rev: 566e3277cb28cf1bb48e537ab90732103778df80)
Change-Id: Ia8b3deee6b46935eb5a1a1d4b201bbad06d9f976
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
|
Ravi Teja (1):
Fix build failure with feature flag "--enable-ca-cert-extension"
(From meta-phosphor rev: 170346d8c45291ab778505c71efdfa72e5d39613)
Change-Id: I5c207a69e3d4fbd266cdfffc6b8004dc62eb8af4
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
|
this is required to launch ibm vmi certificate manager
for ibm systems
https://gerrit.openbmc-project.xyz/c/openbmc/meta-ibm/+/33969
(From meta-phosphor rev: 5864ac0774233810bfe48d2a1471aa0d1140d2a7)
Signed-off-by: Ravi Teja <raviteja28031990@gmail.com>
Change-Id: I839061ad3477507bf7d57ae527917876f0993106
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
|
Ravi Teja (2):
Implementation of BMC VMI certificate manager
Add unit testcases for CA certificate authority manager
(From meta-phosphor rev: abdadf76d97b8135aa189c4bc790af24534bdb01)
Change-Id: I449b8cd90e456cce243886ee427b387dfb047694
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
|
Zhenfei Tai (1):
Add documentation of how to use the program in README
(From meta-phosphor rev: 29a203e93ee03dbf44d05e4ab2036e1a2167b5b0)
Change-Id: I494d6a3f0042805b77d82e55472d26e3186f1231
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
|
A number of packages are depending both on p-d-i and p-d-i-native,
for seemingly no reason. Remove excess DEPENDS on p-d-i-native.
(From meta-phosphor rev: 9a31d9bbf8d50516da9efd9dac6e5144659a84ba)
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Iab13f2246c1196a59d0b5852a9801c4cf7de88fc
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
|
Lakshminarayana R. Kammath (1):
unit-test: Enable unit test coverage for certificate manager
(From meta-phosphor rev: bdcb6d93331ce31fc5e1eddc57aff868e48aa211)
Change-Id: I8493c5f7f1c3e9bfd40884a3cf169e54a996c2fd
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
|
sdbusplus has changed the package layout so that sdbusplus-native and
sdbus++-native are now ${PYTHON_PN}-sdbus++-native. Update recipes
that need to use sdbus++ (or its associated python modules) or remove
the DEPENDS if it is no longer necessary.
(From meta-phosphor rev: 2bebd1247cb78567441158b152c7a13f476afd4f)
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I30f9c2220da9145ef0a7067e067aed1396d8b40d
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
|
Marri Devender Rao (2):
Fix application crash issue with uncaught exception
Return error if certificate expiry date is beyond year 2038
(From meta-phosphor rev: dc1f6b14f8bbc4667c6e5e90f3cc8bf4360bd795)
Change-Id: I37b7927a7cc8ae16de1f450f3abf49b457e60c46
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
|
Fixes openbmc/openbmc#3645.
(From meta-phosphor rev: d81e4abb0e9448b0011a3896a6d12b315a29e142)
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ia3874a6fac9430c8321dc6f4050cd8b5e68c8e53
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Marri Devender Rao (1):
Remove some traces logged as part of application load.
(From meta-phosphor rev: 6e89a809206b2a18785f40e85f22c07f519d2c44)
Change-Id: I9522171107d7b296de27edf9d678b5ddec9ef9ef
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Zbigniew Lukwinski (1):
Change InternalFailure to NotAllowed for replace
(From meta-phosphor rev: 612f430c3d54722d38d398589544ebfdc701c331)
Change-Id: I0b5f79b51c350cfb79ac0517cedcbfda070b94a1
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Zbigniew Lukwinski (2):
Refactoring of certificates managing and storing
Installing certificates with the same subject name.
(From meta-phosphor rev: 2bb4dddc90fa524af0c74edb80cbeef58cab55c7)
Change-Id: Id1c9662145707a08b6c1bb950156216896206a45
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Zbigniew Lukwinski (1):
Limit access permissions for authority cert directory.
(From meta-phosphor rev: 4fbae2f0c26a1975d490c5b0ba46558ee73e6d4a)
Change-Id: Idf2e346f5559b69ea406feb3cc636a9d1542cd63
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Marri Devender Rao (1):
Allow only root user to access certificates
(From meta-phosphor rev: 233336b0d6c78014d84440341c912febd571b6ee)
Change-Id: Iddfcc26466986469dc85fb558acf04a920ea24d6
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Kowalski, Kamil (1):
Support uploading multiple certificates per authority service.
Zbigniew Kurzynski (1):
Certificate delete API – backend.
Zbigniew Lukwinski (1):
Enable limiting authority certificates amount.
(From meta-phosphor rev: cd2069fb3901fa57307e521d5470a643995587bd)
Change-Id: Id228b88744f9bd2dc08c2fdb60ee6375c045cf54
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Since the certificate manager can support multiple certificates
the CERTPATH for mode=authentication will be changed to directory.
This change depends on anothere review, see Depends-On tag.
Becase the TrustStore will be used by TLS authentication,
any operation on certificates should result in bmcweb restart, that
is why #Units to restart entry is added.
Since update procedure will not replace configuration file in /etc
all configuration files for the certificate-manager will be deployed
in /usr/share/phosphor-certificate-manager.
(From meta-phosphor rev: 0c09ff71d089c614b14d076d933e849f2f74281e)
Signed-off-by: Zbigniew Kurzynski <zbigniew.kurzynski@intel.com>
Change-Id: Ib7f4ba60760ab8cd1ac647bc51dadf50af7fedc7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
phosphor-certificate-manager - srcrev bump 262ac2439d..06a69d7b
Zbigniew Kurzynski (1)
Support uploading multiple certificates [install-backend]
phosphor-dbus-interfaces - srcrev bump 262ac2439d..7aa705a935
AppaRao Puli (1):
Interface for defining PFR related properties
Ravi Teja (1):
Network: add fallback option for LinkLocalAddressing property
Richard Marian Thomaiyar (1):
D-Bus: User: Make AllGroups & AllPriv as const
Zbigniew Kurzynski (1):
Support uploading multiple certificates. [install-interface]
(From meta-phosphor rev: 86cb86f8973fb87d88f613137934904ed34ac861)
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
Change-Id: Ia97a046ae7c14228da9cc738d46f07bc97312cf4
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
PHOSPHORBASE is only used for pointing at licenses...point at the
licenses in oe-core in meta/files/common-licenses instead. to match the
defacto convention used in other oe layers like meta-openembedded.
(From meta-phosphor rev: a1cee09419cb1467c3d2b7bf996b40089f0d06f4)
Change-Id: If136d24638a8022671988cf0a01620e7fffc545f
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Marri Devender Rao (2):
Fix extended key usage value while generating CSR
Fixed error message logged for certificate verification
(From meta-phosphor rev: fbd01b6e080d712ea8c8bca20dc1730e2f792183)
Change-Id: Icdaae4750908f61f5c88914cc364b038334a5782
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Marri Devender Rao (1):
Fix certificate manager failure after factory reset
(From meta-phosphor rev: 0748a5e9f080ed2b237663679bcd75a0927a03a0)
Change-Id: I28078cdc4a48cad82400c81dad4c2ead33097c94
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
|
|
Marri Devender Rao (1):
Fix upload signed certificate error through GUI
Ramesh Iyyar (1):
Generate RSA Private Key file during application startup
(From meta-phosphor rev: 91343cb2a4d3cd2a518dc4131ab6a4abc83c4c81)
Change-Id: I00b018c572343f043de4fec1f500598d4e20c138
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Marri Devender Rao (2):
Manage certificates created by applications
Append private key from the system to CA signed certificate
(From meta-phosphor rev: af23b88350d424d57d23d0de0a590630802a2379)
Change-Id: I223d216f8460febed6bc9fe10d29102ffc07289c
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Ramesh Iyyar (1):
Added support to generate CSR based on ECC approach
(From meta-phosphor rev: 6e4033a91ddd8803be5986e8bb1b4e4c925940f2)
Change-Id: Ied8ed19b9a63b26cf722eeeda9edb4efaa0bfa34
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Marri Devender Rao (1):
Fix subject property value is set with certificate string
(From meta-phosphor rev: a37d0de134fb4dcf01568fdcdb68ef035936d771)
Change-Id: I4e77f1525ed738464c2a2139fb897474113ed7a5
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Marri Devender Rao (3):
Pass flag to skip restart of units for certificate object
Return Certificate Signing Request(CSR) contents
Add Generate Key and Certificate Signing Request (CSR)
(From meta-phosphor rev: 079aafc015cb9f58ddecfc7968ed2743c81f80d5)
Change-Id: I34c03dc26bb5f7cf496148a7284e6acd689ee1fb
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Deepak Kodihalli (1):
Propose Devender as a maintainer
(From meta-phosphor rev: 7a583a1cce05bd12c3696dc5829ed3cf9b547480)
Change-Id: I7277d1b562c13e5fd286a0aab496b9c8d7375aa3
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
For generating CSR sdeventplus library is used for adding child
process id to the event loop, so that parent process gets
callback after the completion of generate csr operation
performed in the child process.
(From meta-phosphor rev: 462e3d22b32c776989519871252a9fa68f73ff5b)
Change-Id: I7f3fde38e44de96924f7c170b975aaeec7bf94e5
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Marri Devender Rao (1):
Implement Replace interface for Certificate objects
(From meta-phosphor rev: c56f1a548214cbc3c38c3bb5c7104ee027774e30)
Change-Id: I3d8c9e9315cc485f48d9a34d8f56ae5b2af5fe6d
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Added bitbake recipe to instantiate phoshor-certificate-manager
service for bmcweb certificates.
Caters for installing/replacing of bmcweb certificates.
Specifying instance arguments through env file
Tested:
1) Verified phosphor-certificate-manger instance for bmcweb
is running
2) Verified Installing, Replacing of certificates using Redfish
(From meta-phosphor rev: b0e77acb579523dfa706a545c86b1c2469692adc)
Change-Id: Ifb4c8ac7e34f57a652f72eff1a0ef568a6348124
Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|