Bug 668887

Summary: Switch on use of NSS for krb5 pkinit
Product: Red Hat Enterprise Linux 7 Reporter: Nalin Dahyabhai <nalin>
Component: krb5 Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED WONTFIX QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.0 CC: dpal, ebenes, jplans, mkosek, pkis, rmainz
Target Milestone: rc Keywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-04-03 12:45:02 UTC Type: ---
Bug Depends On: 642417, 668055, 668882, 668884, 671266, 710298    
Bug Blocks: 642407    

Description Nalin Dahyabhai 2011-01-11 22:30:33 UTC
The krb5 pkinit plugin currently uses OpenSSL to create and parse CMS messages, parse and verify certificates, and generally perform its public key operations.  The logic which uses OpenSSL directly is confined to a number of functions exported from one source file.  We should finish implementing the same functions using NSS and build using that implementation instead of the one that uses OpenSSL.