Hide Forgot
The PKI packages used by IdM include a DLL for browser-based certificate enrollment on Windows clients called xenroll.dll. This is a deprecated DLL that was removed in Vista and later Windows systems, but we still used it for enrollment (and carried it in our packages). We have already moved our PKI packages over to be able to use the replacement that is provided in Windows itself (certenroll.dll). We should remove xenroll.dll from our packages since it is no longer needed.
# for rpm in `rpm -qa | grep pki`; do > echo $rpm > rpm -ql $rpm | grep xenroll.dll > done redhat-pki-server-theme-10.3.3-1.el7.noarch pki-tools-10.3.3-10.el7.x86_64 pki-base-10.3.3-10.el7.noarch pki-server-10.3.3-10.el7.noarch pki-base-java-10.3.3-10.el7.noarch pki-ca-10.3.3-10.el7.noarch /usr/share/pki/ca/webapps/ca/agent/xenroll.dll tomcatjss-7.1.2-3.el7pki.noarch # find . -name xenroll.dll ./base/ca/shared/webapps/ca/agent/xenroll.dll # grep -ri xenroll.dll Binary file .git/index matches base/ca/shared/webapps/ca/admin/ca/EnrollSuccess.template: CODEBASE="/xenroll.dll" base/ca/shared/webapps/ca/admin/ca/ImportAdminCert.template: codebase="xenroll.dll" base/ca/shared/webapps/ca/admin/ca/ImportCert.template: CODEBASE="/xenroll.dll" base/ca/shared/webapps/ca/admin/ca/ImportCert.template: document.writeln("<OBJECT classid='clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1' CODEBASE='/xenroll.dll' id='Enroll'></OBJECT>"); base/ca/shared/webapps/ca/admin/ca/adminEnroll.html: CODEBASE="/xenroll.dll" base/ca/shared/webapps/ca/agent/ca/EnrollSuccess.template: CODEBASE="/xenroll.dll" base/ca/shared/webapps/ca/agent/ca/ImportCert.template: CODEBASE="/xenroll.dll" base/ca/shared/webapps/ca/agent/ca/ImportCert.template: document.writeln("<OBJECT classid='clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1' CODEBASE='/xenroll.dll' id='Enroll'></OBJECT>"); base/ca/shared/webapps/ca/agent/ca/displayBySerial.template: CODEBASE="/xenroll.dll" Binary file base/ca/shared/webapps/ca/agent/xenroll.dll matches base/ca/shared/webapps/ca/ee/ca/AIMEnroll.html: CODEBASE="/ee/xenroll.dll" base/ca/shared/webapps/ca/ee/ca/CertBasedDualEnroll.html: CODEBASE="/ee/xenroll.dll" base/ca/shared/webapps/ca/ee/ca/CertBasedEncryptionEnroll.html: CODEBASE="/ee/xenroll.dll" base/ca/shared/webapps/ca/ee/ca/CertBasedSingleEnroll.html: CODEBASE="/ee/xenroll.dll" base/ca/shared/webapps/ca/ee/ca/DirPinUserEnroll.html: CODEBASE="/xenroll.dll" base/ca/shared/webapps/ca/ee/ca/DirUserEnroll.html: CODEBASE="/xenroll.dll" base/ca/shared/webapps/ca/ee/ca/EnrollSuccess.template: CODEBASE="/xenroll.dll" base/ca/shared/webapps/ca/ee/ca/ImportAdminCert.template: codebase="xenroll.dll" base/ca/shared/webapps/ca/ee/ca/ImportCert.template: CODEBASE="/xenroll.dll" base/ca/shared/webapps/ca/ee/ca/ImportCert.template: document.writeln("<OBJECT classid='clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1' CODEBASE='/xenroll.dll' id='Enroll'></OBJECT>"); base/ca/shared/webapps/ca/ee/ca/ManObjSignEnroll.html: CODEBASE="/xenroll.dll" base/ca/shared/webapps/ca/ee/ca/ManUserEnroll.html: CODEBASE="/xenroll.dll" base/ca/shared/webapps/ca/ee/ca/PortalEnrollment.html: CODEBASE="/xenroll.dll" base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template: document.writeln("<OBJECT classid='clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1' CODEBASE='/xenroll.dll' id='Enroll'></OBJECT>"); base/ca/shared/webapps/ca/ee/ca/RenewalSuccess.template: CODEBASE="/xenroll.dll" base/ca/shared/webapps/ca/ee/ca/displayBySerial.template: CODEBASE="/xenroll.dll" base/server/share/webapps/pki/admin/console/config/wizard.vm: codebase="xenroll.dll"
Upstream ticket: https://fedorahosted.org/pki/ticket/2524
Per PKI Bug Council of 11/29/2016: 10.3 - critical
arubin provided ZStream request flag; justification is provided in the Bug Description.
Committed to master branch: commit 6cf7cec3c559786b90dcca298a2d7c6c570eac35 Author: Matthew Harmsen <mharmsen> Date: Fri Dec 9 15:29:50 2016 -0700 Removed all references to 'xenroll.dll' - PKI TRAC Ticket #2524 - Remove xenroll.dll from pki-core
Build used: [root@pki1 ~]# rpm -qi pki-core package pki-core is not installed [root@pki1 ~]# rpm -qi pki-base Name : pki-base Version : 10.4.1 Release : 2.el7 Architecture: noarch Install Date: Tuesday 02 May 2017 10:07:35 AM EDT Group : System Environment/Base Size : 2082927 License : GPLv2 Signature : RSA/SHA256, Tuesday 18 April 2017 08:37:55 PM EDT, Key ID 199e2f91fd431d51 Source RPM : pki-core-10.4.1-2.el7.src.rpm Build Date : Tuesday 18 April 2017 08:09:41 PM EDT Build Host : ppc-041.build.eng.bos.redhat.com Relocations : (not relocatable) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> Vendor : Red Hat, Inc. URL : http://pki.fedoraproject.org/ [root@pki1 ~]# for rpm in `rpm -qa | grep pki`; do > echo $rpm > rpm -ql $rpm | grep xenroll.dll > done pki-kra-10.4.1-2.el7.noarch pki-tps-10.4.1-2.el7pki.x86_64 pki-base-10.4.1-2.el7.noarch redhat-pki-server-theme-10.4.1-1.el7pki.noarch pki-tools-10.4.1-2.el7.x86_64 pki-server-10.4.1-2.el7.noarch pki-javadoc-10.4.1-2.el7.noarch redhat-pki-console-theme-10.4.1-1.el7pki.noarch pki-tks-10.4.1-2.el7pki.noarch pki-ocsp-10.4.1-2.el7pki.noarch pki-ca-10.4.1-2.el7.noarch pki-core-debuginfo-10.4.1-2.el7.x86_64 redhat-pki-10.4.1-1.el7pki.noarch pki-console-10.4.1-2.el7pki.noarch pki-base-java-10.4.1-2.el7.noarch pki-symkey-10.4.1-2.el7.x86_64 [root@pki1 ~]# find / -name xenroll.dll [root@pki1 ~]# [root@pki1 ~]# grep -ri xenroll.dll [root@pki1 ~]#
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2110