Bug 1469432
Summary: | CMC plugin default change | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Jaroslav Reznik <jreznik> |
Component: | pki-core | Assignee: | RHCS Maintainers <rhcs-maint> |
Status: | CLOSED ERRATA | QA Contact: | Asha Akkiangady <aakkiang> |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | ||
Version: | 7.4 | CC: | cfu, dkholia, gkapoor, jmagne, mharmsen, msauton, salmy |
Target Milestone: | rc | Keywords: | ZStream |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | pki-core-10.4.1-11.el7 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | 1466486 | Environment: | |
Last Closed: | 2017-08-01 11:31:47 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1466486 | ||
Bug Blocks: | 1470817 |
Description
Jaroslav Reznik
2017-07-11 09:25:24 UTC
*** Bug 1470948 has been marked as a duplicate of this bug. *** Test Build: ========== rpm -qa pki-* pki-console-10.4.1-5.el7pki.noarch pki-javadoc-10.4.1-11.el7.noarch pki-symkey-10.4.1-11.el7.x86_64 pki-tools-10.4.1-11.el7.x86_64 pki-base-10.4.1-11.el7.noarch pki-kra-10.4.1-11.el7.noarch pki-server-10.4.1-11.el7.noarch pki-ocsp-10.4.1-10.el7pki.noarch pki-base-java-10.4.1-11.el7.noarch pki-ca-10.4.1-11.el7.noarch pki-tps-10.4.1-10.el7pki.x86_64 pki-tks-10.4.1-10.el7pki.noarch pki-core-debuginfo-10.4.1-11.el7.x86_64 Test Cases: ----------- Test Case 1: =========== When cmc.revokeCert.sharedSecret.class and cmc.sharedSecret.class are not present in CS.cfg 1. Install CA with new bits i.e pki-ca-10.4.1-11.el7.noarch. 2. Verified by default CS.cfg doesn't have: cmc.revokeCert.sharedSecret.class=com.netscape.cms.authentication.SharedSecret cmc.sharedSecret.class=com.netscape.cms.authentication.SharedSecret 3. perform one CMC test and see how it works if above two properties are missing from CA's CS.cfg. <snip output> Number of controls is 1 Control #0: CMCStatusInfo OID: {1 3 6 1 5 5 7 7 1} BodyList: 0 Status String: Proof-of-Identification Verification Failed after verifyIdentityProofV2 OtherInfo type: FAIL </snip output> Test Case 2: Add the two properties manually in CS.cfg and restart CA. =========== 1. Add the two properties manually in CS.cfg and make sure CMC tests worked. 2. Features tested and verified as part of this testing: -- User-signed CMC requests Example (with PopLinkWitnessV2) -- Self-Signed CMC Request Example (with IdentityProofV2) -- User-signed CMC request Without POP (Encrypted POP / Decrypted POP) -- User-Signed CMC Renewal Request I have tried to cover basic sanity testing for CMC.Please revert if you think any other test case I need to cover as part of this testing. Marking bug as verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2017:2335 |