Bug 1611250
Summary: | Better understanding of NSS_USE_DECODED_CKA_EC_POINT for ECC [rhel-7.5.z] | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Oneata Mircea Teodor <toneata> |
Component: | pki-core | Assignee: | Christina Fu <cfu> |
Status: | CLOSED ERRATA | QA Contact: | Asha Akkiangady <aakkiang> |
Severity: | high | Docs Contact: | Marc Muehlfeld <mmuehlfe> |
Priority: | high | ||
Version: | 7.5 | CC: | cfu, gkapoor, mharmsen, msauton, rhcs-maint, rpattath |
Target Milestone: | rc | Keywords: | TestCaseProvided, ZStream |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | pki-core-10.5.1-15.el7_5 | Doc Type: | Bug Fix |
Doc Text: |
This update removes the outdated reference to the NSS_USE_DECODED_CKA_EC_POINT environment variable for ECC certificates in the HttpClient command line usage.
|
Story Points: | --- |
Clone Of: | 1593805 | Environment: | |
Last Closed: | 2018-09-25 19:07:11 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1593805 | ||
Bug Blocks: |
Description
Oneata Mircea Teodor
2018-08-02 08:16:14 UTC
commit 6eef4f5cb83cd4b7e2c45ad6a44ba453392ec051 (bug1593805-ECC-env) Author: Christina Fu <cfu> Date: Wed Aug 1 13:35:53 2018 -0700 Bug 1593805 Better understanding of NSS_USE_DECODED_CKA_EC_POINT for ECC This patch removes the outdated reference to EC environment variable NSS_USE_DECODED_CKA_EC_POINT for ECC in the HttpClient command line usage. More info in the usage are updated as well for correctness and clarity. Change-Id: I562e2c0cd86f91369f347b38cc660cc3cee585b9 test procedure: Since this is only a Usage description update, you can just run the HttpClient at command line and see the resulting Usage info. Compare that with what it used to produce. Here is the review link where you could see what has been updated in Usage: https://review.gerrithub.io/c/dogtagpki/pki/+/421033/3/base/java-tools/src/com/netscape/cmstools/HttpClient.java [root@auto-hv-01-guest03 ecc]# rpm -qi pki-ca Name : pki-ca Version : 10.5.1 Release : 15.el7_5 Architecture: noarch Install Date: Tue 11 Sep 2018 03:31:30 PM EDT Group : System Environment/Daemons Size : 2451877 License : GPLv2 Signature : (none) Source RPM : pki-core-10.5.1-15.el7_5.src.rpm Build Date : Mon 13 Aug 2018 11:12:20 PM EDT Build Host : ppc-021.build.eng.bos.redhat.com Relocations : (not relocatable) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> Vendor : Red Hat, Inc. URL : http://pki.fedoraproject.org/ Summary : Certificate System - Certificate Authority Verification steps: This following does not have any info about NSS_USE_DECODED_CKA_EC_POINT [root@auto-hv-01-guest03 ecc]# HttpClient --help HttpClient: can't find configuration file: --help Usage: HttpClient <configuration file> For example, HttpClient HttpClient.cfg The configuration file should look like as follows: #host: host name for the http server host=host.example.com #port: port number port=8443 #secure: true for secure connection, false for nonsecure connection secure=false #input: full path for the enrollment request, the content must be in binary format input=~/cmcReqCRMFBin #output: full path for the response in binary format #output could be parsed by running CMCResponse output=~/cmcResp #dbdir: directory for NSS certificate/key databases #This parameter will be ignored if secure=false dbdir=/.dogtag/nssdb #password: password for NSS database #This parameter will be ignored if secure=false and clientmode=false password= #tokenname: name of token where SSL client authentication cert for nickname can be found (default is internal) #This parameter will be ignored if secure=false tokenname=internal #clientmode: true for client authentication, false for no client authentication #This parameter will be ignored if secure=false clientmode=false #nickname: nickname for client certificate #This parameter will be ignored if clientmode=false nickname= #servlet: target URL #This parameter may include query parameters; # - reminder: profileId should be a profile that matches # the intended certificate; for certificates intended # for SSL (client or server), profiles should match # the key type (RSA or EC) of the keys generated for CSR; servlet=/ca/ee/ca/profileSubmitCMCFull?profileId=caFullCMCUserCert Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:2759 |