|Summary:||crlutil cannot import CRLs non-interactively in FIPS mode|
|Product:||Red Hat Enterprise Linux 6||Reporter:||jared jennings <jjennings>|
|Component:||nss||Assignee:||Elio Maldonado Batiz <emaldona>|
|Status:||CLOSED CURRENTRELEASE||QA Contact:||BaseOS QE Security Team <qe-baseos-security>|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2013-02-19 11:11:36 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description jared jennings 2011-09-14 23:28:06 UTC
Description of problem: crlutil appears not to make proper use of a password file supplied with its -f switch when importing CRLs into an NSS database which is in FIPS mode. Version-Release number of selected component (if applicable): nss-3.12.9-12.el6_1.i686 For instructions to reproduce problem, actual and expected results, see the upstream bugzilla, https://bugzilla.mozilla.org/show_bug.cgi?id=686761
Comment 2 jared jennings 2011-09-15 15:38:46 UTC
Proposed patch added to Mozilla bug.
Comment 3 Elio Maldonado Batiz 2011-09-16 17:07:47 UTC
The proposed patch was accepted and committed upstream.
Comment 5 RHEL Product and Program Management 2011-10-07 16:01:34 UTC
Since RHEL 6.2 External Beta has begun, and this bug remains unresolved, it has been rejected as it is not proposed as exception or blocker. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux.
Comment 6 jared jennings 2012-06-20 14:50:57 UTC
The upstream patch appears to have made it into RHEL 6, thanks to Bug 799192. I've updated nss-util to 3.13.3-2.el6, according to RHSA-2012:0973-04, and gone through the steps to reproduce from https://bugzilla.mozilla.org/show_bug.cgi?id=686761. I found that crlutil now works as expected.