Bug 1425514
Summary: | certutil has multiple issues in handling RSA-PSS certificates | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Hubert Kario <hkario> |
Component: | nss | Assignee: | Daiki Ueno <dueno> |
Status: | CLOSED ERRATA | QA Contact: | Hubert Kario <hkario> |
Severity: | unspecified | Docs Contact: | Mirek Jahoda <mjahoda> |
Priority: | unspecified | ||
Version: | 7.4 | CC: | dueno, hkario, kengert |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | nss-3.34.0-0.1.beta1.el7 | Doc Type: | Technology Preview |
Doc Text: |
.Support for certificates signed with `RSA-PSS` in `certutil` has been improved
Support for certificates signed with the `RSA-PSS` algorithm in the `certutil` tool has been improved. Notable enhancements and fixes include:
* The `--pss` option is now documented.
* The `PKCS#1 v1.5` algorithm is no longer used for self-signed signatures when a certificate is restricted to use `RSA-PSS`.
* Empty `RSA-PSS` parameters in the `subjectPublicKeyInfo` field are no longer printed as invalid when listing certificates.
* The `--pss-sign` option for creating regular RSA certificates signed with the `RSA-PSS` algorithm has been added.
Support for certificates signed with `RSA-PSS` in `certutil` is provided as a Technology Preview.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2018-04-10 09:25:43 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1457751 |
Description
Hubert Kario
2017-02-21 15:45:57 UTC
It isn't clear if we'll be able to get these issues fixed for rhel 7.4.0, and who will work on them. Volunteers welcome. Bob suggested, it would be good to get the incorrect behavior fixed, because if we ship an incorrect behavior in 7.4.0, it would be difficult to switch to a different behavior in later 7.x releases. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2018:0679 |