Bug 1390359

Summary: foward port NSS OCSP cache settings
Product: Red Hat Enterprise Linux 6 Reporter: Robert Bost <rbost>
Component: mod_nssAssignee: Matthew Harmsen <mharmsen>
Status: CLOSED ERRATA QA Contact: Kaleem <ksiddiqu>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 6.9CC: akasurde, dpal, mharmsen, nkinder, nsoman, rcritten
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: mod_nss-1.0.10-9.el6 Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
A regression was discovered in mod_nss-1.0.10, as it was forgotten to forward port 'NSS OCSP cache settings' logic from mod_nss-1.0.8. This bug fixes this issue. Utilization of this feature is described in comment 8 of this bug. [BZ #1390359]
 Story Points: ---
Clone Of:
: 1392582 (view as bug list) Environment:
Last Closed: 2017-03-21 09:07:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1392582    
Attachments:
Description Flags
nss.conf
none
console.log none

Description Robert Bost 2016-10-31 19:48:27 UTC 
Description of problem:
Some additions were made to Red Hat Certificate System which would be helpful in standard RHEL mod_nss.

Version-Release number of selected component (if applicable): mod_nss-1.0.10-6.el6

Additional info:
Original bug report for RHEL 5:
https://bugzilla.redhat.com/show_bug.cgi?id=505682
Comment 3 Robert Bost 2016-11-01 20:05:14 UTC 
(In reply to Robert Bost from comment #0)
> Description of problem:
> Some additions were made to Red Hat Certificate System which would be
> helpful in standard RHEL mod_nss.

In addition to the first comment on this bug, customer is seeing OCSP responses being cached and disabling cache would be solution.
Comment 9 Abhijeet Kasurde 2017-01-17 09:31:29 UTC 
Created attachment 1241651 [details]
nss.conf
Comment 10 Abhijeet Kasurde 2017-01-17 09:31:50 UTC 
Created attachment 1241652 [details]
console.log
Comment 11 Abhijeet Kasurde 2017-01-17 09:33:39 UTC 
Verified using mod_nss version :: 

mod_nss-1.0.10-9.el6.x86_64

Tested various values of 
- NSSOCSPMinCacheEntryDuration
- NSSOCSPMaxCacheEntryDuration
- NSSOCSPTimeout

Please find the attachment for console.log and mod_nss + httpd configuration file.

Marking BZ as verified.
Comment 15 errata-xmlrpc 2017-03-21 09:07:48 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0576.html