Bug 728592

Summary: RFE: add option to allow server to start with an expired certificate
Product: [Retired] 389 Reporter: Rob Crittenden <rcritten>
Component: Security - SSLAssignee: Nathan Kinder <nkinder>
Status: CLOSED CURRENTRELEASE QA Contact: Viktor Ashirov <vashirov>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 1.2.9CC: amsharma, edewata, nhosoi, nkinder, rmeggins
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 733440 (view as bug list) Environment:
Last Closed: 2015-12-07 17:08:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 690318, 708096, 728950, 733440    
Attachments:
Description Flags
Patch nhosoi: review+, rmeggins: review+

Description Rob Crittenden 2011-08-05 17:58:05 UTC 
Description of problem:

389-ds is the heart of IPA and in order to renew any certificate it needs to be up and running. We therefore need an option in dse.ldif to allow 389-ds to launch even if its certificate is expired, understanding that proper SSL clients will not communicate with it.

This relates to IPA ticket https://fedorahosted.org/freeipa/ticket/1576
Comment 1 Rich Megginson 2011-08-08 15:33:46 UTC 
What is the severity?  What is the timeframe you need a solution by?
also see my comments in the ticket
Comment 2 Nathan Kinder 2011-08-23 21:25:14 UTC 
Created attachment 519524 [details]
Patch
Comment 3 Nathan Kinder 2011-08-23 21:46:21 UTC 
Pushed patch to master.  Thanks to Noriko and Rich for their reviews!

Counting objects: 21, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (11/11), done.
Writing objects: 100% (11/11), 2.09 KiB, done.
Total 11 (delta 9), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   96663b0..971dded  master -> master
Comment 4 Nathan Kinder 2011-08-23 21:50:40 UTC 
Pushed patch to 389-ds-base-1.2.9 branch:

Counting objects: 21, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (11/11), done.
Writing objects: 100% (11/11), 2.09 KiB, done.
Total 11 (delta 9), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   c0b0ef8..5ff4af3  129-local -> 389-ds-base-1.2.9
Comment 9 Amita Sharma 2011-09-26 09:47:42 UTC 
Successfully Verified this as a subset of other bug.
Hence marking as VERIFIED.