Bug 1027236
Summary: | pmcd fails to start, nss/cert problems | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Tomas Smetana <tsmetana> |
Component: | pcp | Assignee: | Dave Brolley <brolley> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Miloš Prchlík <mprchlik> |
Severity: | medium | Docs Contact: | |
Priority: | urgent | ||
Version: | 7.0 | CC: | fche, mbenitez, mgoodwin, mprchlik, nathans, sct |
Target Milestone: | beta | Keywords: | Regression |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | pcp-3.8.6-2.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-06-13 12:06:54 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Tomas Smetana
2013-11-06 12:11:13 UTC
This appears to be an NSS certificate-database configuration problem. It seems unfortunate that pmcd fails entirely upon such a problem. At worst we should allow communication without SSL/TLS, e.g. over normal TCP and definitely over local:. It is also suspicious that we should be initializing nss to the "Export" suite of ciphers, which probably unnecessarily weakens it. nss-3.15.2-7.el7.x86_64 pcp-3.8.6-1.el7.x86_64 reproducible on tofan.yyz's rhel7 vm See bug #1001841: nss-3.15.2-6 "disable ssl2 and the export cipher suites". See also bug #1026677. Open-coding a version of that nss patch within pcp. (In reply to Frank Ch. Eigler from comment #1) > It seems unfortunate that pmcd fails entirely upon such a problem. At > worst we should allow communication without SSL/TLS, e.g. over normal > TCP and definitely over local:. Opened upstream bug http://oss.sgi.com/bugzilla/show_bug.cgi?id=1035 to track this. This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |