Bug 479722
Summary: | ESC to TPS SSL communication problem with renewed TPS cert | ||||||
---|---|---|---|---|---|---|---|
Product: | [Retired] Dogtag Certificate System | Reporter: | Jack Magne <jmagne> | ||||
Component: | ESC | Assignee: | Jack Magne <jmagne> | ||||
Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | high | ||||||
Version: | 1.0 | CC: | aakkiang, alee, benl, kevinu, mharmsen | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | All | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2009-07-22 23:30:59 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 496410 | ||||||
Bug Blocks: | 443788 | ||||||
Attachments: |
|
Description
Jack Magne
2009-01-12 17:48:31 UTC
*** Bug 479335 has been marked as a duplicate of this bug. *** Created attachment 348593 [details]
Proposed fix for this issue.
This fix involved allowing the user to set security exceptions much like in Firefox. Also, the separate HTTP library that contacts the TPS to perform token operations has been given a Bad Cert handler that can recognize previously created exceptions.
attachment (id=348593) +mharmsen CAVEATS: In "src/app/xpcom/rhCoolKey.cpp": CHANGE: if(!certCBLock) { PR_DestroyLock(certCBLock); } TO: if(certCBLock) { PR_DestroyLock(certCBLock); } MOVE this "err" initialization code above the "err" switches: // Retrieve callback data from NssHttpClient // Caller cleans up this data BadCertData *data = (BadCertData *) arg; data->error = err = PORT_GetError(); REMOVE unused variable "PRNetAddr addr;" Add LOG messages on "false" cases. Changes suggested Done: cvs -d :ext:jmagne.redhat.com/cvs/dirsec commit -m "Bugzilla# 479722 ESC to TPS SSL communication problem with renewed TPS cert." cvs trace lost. Fixed in the next build of ESC. Verified. With the renewed tps server cert able to enroll/format tokens. |