Bug 1392582

Summary: foward port NSS OCSP cache settings
Product: Red Hat Enterprise Linux 7 Reporter: Matthew Harmsen <mharmsen>
Component: mod_nssAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: Abhijeet Kasurde <akasurde>
Severity: urgent Docs Contact: Vladimír Slávik <vslavik>
Priority: urgent    
Version: 7.4CC: dpal, ipa-qe, ksiddiqu, nkinder, nsoman, rbost, rcritten
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: mod_nss-1.0.14-8.el7 Doc Type: Release Note
Doc Text:
New cache configuration options for *mod_nss* This update adds new options to control cahing of OCSP responses to the *mod_nss* module. The new options allow the user to control: * Time to wait for OCSP responses * Size of the OCSP cache * Minimum and maximum duration for an item's presence in cache, including not caching at all
 Story Points: ---
Clone Of: 1390359 Environment:
Last Closed: 2017-08-01 16:53:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1390359, 1451576    
Bug Blocks: 1399979    
Attachments:
Description Flags
console.log none

Comment 7 Abhijeet Kasurde 2017-05-17 05:37:09 UTC 
Unable to generate certificate using `ipa cert-request` command. Marking this BZ as failed QA.


[root@master1 ~]# openssl req -new -sha256 -key testuser1.key -out testuser1.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:MH
Locality Name (eg, city) [Default City]:PUNE
Organization Name (eg, company) [Default Company Ltd]:RED HAT
Organizational Unit Name (eg, section) []:QE
Common Name (eg, your name or your server's hostname) []:testuser1
Email Address []:testuser1

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@master1 ~]# ipa cert-request testuser1.csr --principal=testuser1
ipa: ERROR: invalid 'csr': DN emailAddress does not match any of user's email addresses


IPA version:: ipa-server-4.5.0-11.el7.x86_64
Comment 8 Abhijeet Kasurde 2017-05-17 06:11:22 UTC 
Moving back to ON_QA. This depends on #1451576
Comment 9 Abhijeet Kasurde 2017-05-23 12:24:52 UTC 
Verified using mod_nss version :: mod_nss-1.0.14-10.el7.x86_64

Marking BZ as verified. See attachment for console.log.
Comment 10 Abhijeet Kasurde 2017-05-23 12:25:21 UTC 
Created attachment 1281534 [details]
console.log
Comment 11 errata-xmlrpc 2017-08-01 16:53:57 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2009