Bug 1677681

Summary: support setting supported signature algorithms in strsclnt utility
Product: Red Hat Enterprise Linux 8
Reporter: Hubert Kario <hkario>
Component: nss
Assignee: nss-nspr-maint <nss-nspr-maint>
Status: CLOSED CURRENTRELEASE
QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium
Priority: medium
Version: 8.0
CC: cww, dueno, mthacker, pasik, rcadova, rrelyea, snagar, ssorce, toneata
Target Milestone: rc
Keywords: Triaged, ZStream
Target Release: 8.0
Hardware: Unspecified
OS: Unspecified
Clone Of:
: 1725110
Last Closed: 2019-08-05 08:19:31 UTC
Type: Bug
Bug Depends On: 1679667
Bug Blocks: 1684604, 1713187, 1725110

Description Hubert Kario 2019-02-15 15:11:21 UTC
Description of problem:
It's impossible to change supported signature algorithms in strsclnt utility, which together with rsa_pss_pss_* signature algorithms being disabled by default, means that it's not possible to test interoperability of session resumption with RSA-PSS certificates

Version-Release number of selected component (if applicable):
nss-3.41.0-5.el8.x86_64

How reproducible:
always

Steps to Reproduce:
1. run strsclnt -J rsa_pss_pss_sha256

Actual results:
command prints help message and complains about unrecognised option

Expected results:
command runs, is able to connect to server using rsa-pss key

Additional info:

Comment 2 Bob Relyea 2019-03-18 22:48:16 UTC
I would be tempted to set this to low, but while it doesn't really affect customers, it does affect QA's ability to test this, so I'm bumping it up to medium.