Bug 1011225
Summary: | nss-softokn-fips and nss-softokn-freebl-fips need to be added to comps.xml | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Bob Relyea <rrelyea> |
Component: | releng | Assignee: | Lubos Kocman <lkocman> |
Status: | CLOSED DUPLICATE | QA Contact: | Release Test Team <release-test-team-automation> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 6.5 | CC: | dgregor, notting, sforsber |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-09-23 21:43:51 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Bob Relyea
2013-09-23 20:25:35 UTC
Why would this make fips=0 fail (as opposed to fips=1)? In any case looks more or less like a dup of bug 1009708. It would guarrentee fips=1 would fail for users of libfreebl (like libcrypt.so: part of glibc and required for login). It could cause users that put NSS into FIPS mode (independent of the system fips flag). This is things like servers using modutil to turn of FIPS mode, or users clicking the enable FIPS button in the browser. I don't know how many customers this affects. It currently has not effect in all other cases, but once the rest of the fips code is in place, it will cause the FIPS integrity check to run, even in non-fips mode, so at the very least it needs to be removable. bob Right, but comment #0 said it made fips=0 fail, which didn't make much sense to me. *** This bug has been marked as a duplicate of bug 1009708 *** |