<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#ffffff">
    <pre wrap=""><a class="moz-txt-link-freetext" href="https://bugzilla.redhat.com/show_bug.cgi?id=663752">https://bugzilla.redhat.com/show_bug.cgi?id=663752</a>

<a class="moz-txt-link-freetext" href="https://bugzilla.redhat.com/attachment.cgi?id=472939&amp;action=diff">https://bugzilla.redhat.com/attachment.cgi?id=472939&amp;action=diff</a>
<a class="moz-txt-link-freetext" href="https://bugzilla.redhat.com/attachment.cgi?id=472939&amp;action=edit">https://bugzilla.redhat.com/attachment.cgi?id=472939&amp;action=edit</a>

Description: In fixing <a href="https://bugzilla.redhat.com/show_bug.cgi?id=182507" title="MODIFIED - clear-password mod from replica is discarded before changelogged">Bug 182507</a>, the feature to encrypt changelogs
had been introduced. The changelog encryption depends on the server
certificate as the attrcrypt does.  When the server certificate is
renewed, the encrypted changelog won't be decrypted.  This patch
implements/completes the feature to export and import the contents
of the changelog to provide the scenario to update the encrypted
changelogs along with the cert renewal.

See also this section for the steps to export/import changelogs.
<a href="http://directory.fedoraproject.org/wiki/Changelog_Encryption#Steps_for_Certificate_Renewal">http://directory.fedoraproject.org/wiki/Changelog_Encryption#Steps_for_Certificate_Renewal</a></pre>
  </body>
</html>