Bug 1651314

Summary: NSS: Support for IKE/IPsec typical PKIX usage so libreswan can use nss without rejecting certs based on EKU
Product: Red Hat Enterprise Linux 8 Reporter: Nikos Mavrogiannopoulos <nmavrogi>
Component: nssAssignee: Bob Relyea <rrelyea>
Status: CLOSED CURRENTRELEASE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: high Docs Contact:
Priority: high    
Version: 8.0CC: cww, ddepaula, dueno, fche, hkario, mrogers, mthacker, nkinder, nmavrogi, pwouters, rcadova, rrelyea, sbroz, shobbs, snagar, ssorce, tis, tmraz, toneata, tscherf, wchadwic
Target Milestone: rcKeywords: Regression, Triaged, ZStream
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: nss-util-3.39.0-1.1.el8,nss-3.39.0-1.4.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1212132
: 1725116 (view as bug list) Environment:
Last Closed: 2019-08-02 22:10:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1212132    
Bug Blocks: 1623566, 1643388, 1657186, 1701002, 1725116    

Comment 8 Bob Relyea 2018-12-05 23:04:12 UTC 
fixed in nss-util-3.39.0-1.1.el8,nss-3.39.0-1.4.el8
Comment 9 Danilo de Paula 2018-12-07 12:24:50 UTC 
This fix broken nss-util.pc file.

[guest@localhost ~]$ pkg-config --cflags nss                                   
Package dependency requirement 'nss-util >= 3.39.0-1.1' could not be satisfied.
Package 'nss-util' has version '3.39.0', required version is '>= 3.39.0-1.1'   

nss.pc bumped the dependency of nss-util, but nss-util.pc didn't reflect that.
Which end up breaking all builds that has a build dependency on nss.
Comment 17 Bob Relyea 2019-05-21 15:10:40 UTC 
Patch upstream in next NSS release.