Bug 1929426

Summary: time bomb in nss 3.57.1-17.el8_3, test cert expired
Product: Red Hat Enterprise Linux 8 Reporter: Tuomo Soini <tis>
Component: nssAssignee: nss-nspr-maint <nss-nspr-maint>
Status: CLOSED CURRENTRELEASE QA Contact: Ivan Nikolchev <inikolch>
Severity: low Docs Contact:
Priority: low    
Version: 8.3CC: hkario, inikolch, rrelyea, ssorce
Target Milestone: rcKeywords: Triaged, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 1976253 (view as bug list) Environment:
Last Closed: 2021-12-16 11:54:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1976253    

Description Tuomo Soini 2021-02-16 21:10:30 UTC 
chains.sh: Verifying certificate(s)  NameConstraints.ocsp1.cert with flags -d trustanchorsDB -pp    -u 10  
vfychain -d trustanchorsDB -pp -vv    -u 10   /builddir/build/BUILD/nss-3.53.1/nss/tests/libpkix/certs/NameConstraints.ocsp1.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. CN=OCSP Subsystem,O=IPA.LOCAL 201901211552 :
  ERROR -8181: Peer's Certificate has expired.
Returned value is 1, expected result is pass
chains.sh: #1057: TrustAnchors: Verifying certificate(s)  NameConstraints.ocsp1.cert with flags -d trustanchorsDB -pp    -u 10   - FAILED
trying to kill httpserv with PID 77000 at Tue Feb 16 18:02:53 EET 2021

This causes six tests to fail.
Comment 1 Tuomo Soini 2021-02-17 08:06:39 UTC 
Feodra has patched this issue and same patch can be used to work around this issue.
Comment 3 Bob Relyea 2021-06-23 21:47:40 UTC 
Need zstream+ to attach to the errrata.
Comment 4 Simo Sorce 2021-06-23 21:59:10 UTC 
Done