Bug 445400
| Summary: | Enhancement request to provide page size used during CRL generation as configurable parameter. | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Retired] Dogtag Certificate System | Reporter: | Andrew Wnuk <awnuk> | ||||||
| Component: | CA | Assignee: | Andrew Wnuk <awnuk> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> | ||||||
| Severity: | low | Docs Contact: | |||||||
| Priority: | low | ||||||||
| Version: | 1.0 | CC: | benl, dpal, jgalipea | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2009-07-22 23:28:42 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | |||||||||
| Bug Blocks: | 443788 | ||||||||
| Attachments: |
|
||||||||
|
Description
Andrew Wnuk
2008-05-06 18:19:58 UTC
Created attachment 304671 [details]
CRL page size tunable parameter
+ mharmsen - attachment (id=304671) - update the release number and changelog comment in the pki/linux/ca and pki/linux/common specfiles. Created attachment 304677 [details]
spec diffs
+ mharmsen attachment (id=304677) - one suggestion; always place "bugzilla"/"Bugzilla" in front of the bug # so that we know which bug system was being utilized pki/base/ca/src/com/netscape/ca[50] svn commit CRLIssuingPoint.java Sending CRLIssuingPoint.java Transmitting file data . Committed revision 30. pki/base/common/src/com/netscape/certsrv/ca[54] svn commit ICertificateAuthority.java Sending ICertificateAuthority.java Transmitting file data . Committed revision 31. pki/linux/common[58] svn commit pki-common.spec Sending pki-common.spec Transmitting file data . Committed revision 32. pki/linux/ca[60] svn commit pki-ca.spec Sending pki-ca.spec Transmitting file data . Committed revision 33. Please add steps to verify this bug. Thank you here's the steps, I think... 1 - generate a CRL that has like 10 revoked certs 2 - edit CS.cfg to have ca.crl.MasterCRL.pageSize=2 3 - restart ca 4 - goto the ca Agent Page -> Display CRL -> MasterCRL -> Entire CRL. See if the UI allows you to page through the 10 entries 2 at a time. 1. set ca.crl.MasterCRL.pageSize=2 and restarted ca 2. With 6 revoked certificates on CRL 3. Updated CRL 4. from ca Agent page displayed entire CRL 5. All 6 were listed, not open to page through 2 at a time. Sorry. Change of instructions.
1 - set CS.cfg to have ca.crl.pageSize=1
2 - restart ca
3 - generate a CRL that has like 10 revoked certs
4 - watch CA debug log ... you will see the following line
"CRL Page Size:" make sure number matches your config setting.
This is enough to verify the bug.
But I would like to see how the VLV search is in turn constructed by looking at the slapd logs... and we should probably decipher that vlv search and ensure
this pageSize is actually fed in for the search
Verified: 1. set page size to 2 and restarted ca Debug log: [06/Jul/2009:12:44:35][main]: CRL Page Size: 2 2. update CRL - clear cache enabled. DS access log: [root@qe-blade-11 installscripts]# tail -f /var/log/dirsrv/slapd-qe-blade-11/access [06/Jul/2009:12:46:36 -0400] conn=137 op=11 SRCH base="ou=certificateRepository, ou=ca, dc=qe-blade-11.idm.lab.bos.redhat.com-pki-ca" scope=1 filter="(certStatus=REVOKED)" attrs="serialno revInfo objectClass" [06/Jul/2009:12:46:36 -0400] conn=137 op=11 SORT serialno (0) [06/Jul/2009:12:46:36 -0400] conn=137 op=11 VLV 0:2:A 0:0 (0) vlv is 2. |