Ticket #305 (closed defect: fixed)

Opened 6 years ago

Last modified 7 months ago

Make extension CA module in order to communicate with OpenVPN

Reported by: ejhernandez@… Owned by: ejhernandez@…
Milestone: nice to have someday Component: ca
Severity: normal Keywords:
Cc: javier.amor.garcia@…

Description (last modified by ejhernandez@…) (diff)

There are some things that need to be shown by the CA module to make the OpenVPN module easier to use.

This ticket is intended to do this task.

  1. Make certificate path available in listCertificates function
  2. Method getKeys should not remove the private key
  3. Make a method to retrieve the Certification Authority metadata directly
  4. Make a method to get a list of all certificates minus the Certification Authority one
  5. isCreated must optionally raise an exception
  6. a 'getCertificate' method that, when supplied with a CN, returns the certificate stuff or undef if the certificate does not exist
  7. a strange error to OpenVPN appears (See comment below for more information) -> resolved in #334

Change History

comment:1 Changed 6 years ago by ejhernandez@…

  • Status changed from new to assigned

comment:2 Changed 6 years ago by javier.amor.garcia@…

  • Description modified (diff)

isCreated must optionally raise an exception because almost any module that uses ca must first check if the certification authority is set up. If we optionally raise an exception we will ease this checking and give more homogeneous error messages. Look into EBox::Validate to see examples of this behaviour.

comment:3 Changed 6 years ago by ejhernandez@…

  • Description modified (diff)

Typos in description

comment:4 Changed 6 years ago by javier.amor.garcia@…

  • Description modified (diff)

a method to retrieve keys already exists

comment:5 Changed 6 years ago by javier.amor.garcia@…

  • Description modified (diff)

the 'getCertificate' method is for avoiding endless list searches to clients

comment:6 Changed 6 years ago by ejhernandez@…

  • Description modified (diff)

First -> Done

Second -> getKeys does NOT remove private key, removePrivateKey method does that

comment:7 Changed 6 years ago by ejhernandez@…

  • Description modified (diff)

Third done

comment:8 Changed 6 years ago by ejhernandez@…

  • Description modified (diff)

Fourth done.

Fifth done.

Sixth won't fix since listCertificates has this functionality.

comment:9 Changed 6 years ago by ejhernandez@…

  • hours changed from 0.0 to 3.0
  • totalhours changed from 0.0 to 3.0

I won't close this ticket until the OpenVPN developer has finished the implementation

comment:10 Changed 6 years ago by ejhernandez@…

(In [6030]) Updating translation lines refs #305

comment:11 Changed 6 years ago by ejhernandez@…

(In [6031]) Updating listCertificates to return cert path, isCreated to raise an exception when a name is given; creating getCACertificate and getCertificates and, finally, updating test file to check CA correctness refs #305

comment:12 Changed 6 years ago by ejhernandez@…

(In [6036]) Remove redundancy in attribute method, removing obsolete dn refs #305

comment:13 Changed 6 years ago by ejhernandez@…

(In [6037]) s/dnAttribute/attribute, updating CA API giving a listCertificates to return an array of certs (filtered) and getCertificate to return a unique element. All other stuff is needless. It seems to work but more tests should be applied refs #305

comment:14 Changed 6 years ago by ejhernandez@…

(In [6038]) Email changelog fixed refs #305

comment:15 Changed 6 years ago by ejhernandez@…

  • hours changed from 0.0 to 2.0
  • totalhours changed from 3.0 to 5.0

comment:16 Changed 6 years ago by javier.amor.garcia@…

  • Cc javier.amor.garcia@… added

comment:17 Changed 6 years ago by hblanco@…

  • priority changed from normal to high

comment:18 Changed 6 years ago by ejhernandez@…

  • Description modified (diff)

Thu Dec 14 18:40:03 2006 TLS: Initial packet from 192.168.45.117:10000, sid=b9a77150 85de755c
Thu Dec 14 18:40:03 2006 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=ES/ST=Nation/L=Nowhere/O=monos/CN=Certification_Authority_Certificate
Thu Dec 14 18:40:03 2006 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Thu Dec 14 18:40:03 2006 TLS Error: TLS object -> incoming plaintext read error
Thu Dec 14 18:40:03 2006 TLS Error: TLS handshake failed
Thu Dec 14 18:40:03 2006 Fatal TLS error (check_tls_errors_co), restarting

comment:19 Changed 6 years ago by ejhernandez@…

  • Description modified (diff)

comment:20 Changed 6 years ago by ejhernandez@…

  • Description modified (diff)

done in #334

comment:21 Changed 6 years ago by ejhernandez@…

  • Status changed from assigned to new

comment:22 Changed 6 years ago by ejhernandez@…

  • Status changed from new to closed
  • Resolution set to fixed

I think I can close. Every new thing should have its own ticket.
