Bug 1416143

Summary: libreswan needs to check intermediate CRLs in strict mode - but after validating subCA against root CA (and its CRL)
Product: Red Hat Enterprise Linux 6 Reporter: Paul Wouters <pwouters>
Component: libreswanAssignee: Paul Wouters <pwouters>
Status: CLOSED WONTFIX QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: high    
Version: 6.9CC: cww, jaster, kengert, kperrier, ksrot, mrogers, omoris, pvrabec, pwouters, tlavigne
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1360134
: 1416144 (view as bug list) Environment:
Last Closed: 2017-09-06 03:59:34 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1360134    
Bug Blocks: 1374441, 1416144    

Comment 7 Paul Wouters 2017-09-06 03:59:34 UTC 
Red Hat Enterprise Linux 6 shipped its last Production 2 phase minor
release, RHEL 6.9, on March 21, 2016. On May 10, 2017, RHEL 6 exits
Production 2 phase and moves into Production 3 phase. For RHEL releases
in Production 3 phase, Red Hat will provide critical-impact security
fixes and urgent priority bug fixes for the last minor release but will
not provide any software enhancements or hardware enablement. 

This BZ does not appear to meet the Product 3 phase inclusion criteria
described above so is being closed WONTFIX. If this BZ is critical for
your environment, please open a case in the Red Hat Customer Portal,
https://access.redhat.com, provide a thorough business justification and
ask that the BZ be re-opened for consideration. Please note, only
critical-impact security fixes and urgent priority bug fixes will be
considered, and no software enhancements or hardware enablement will be
performed.