Bug 748401
Summary: | SEC_ERROR_BAD_SIGNATURE with a certificate trusted by OpenSSL | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Jan Vcelak <jvcelak> |
Component: | nss | Assignee: | Elio Maldonado Batiz <emaldona> |
Status: | CLOSED WONTFIX | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
Severity: | high | Docs Contact: | |
Priority: | medium | ||
Version: | 7.0 | CC: | amarecek, emaldona, eparis, kdudka, kengert, nkinder, nmavrogi, rmeggins, rrelyea, tsmetana |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | 748394 | Environment: | |
Last Closed: | 2016-01-22 16:38:34 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 748394 | ||
Bug Blocks: |
Description
Jan Vcelak
2011-10-24 11:08:35 UTC
In http://www.openldap.org/lists/openldap-bugs/201110/msg00021.html the original reporter states: >>The problem appears to be related to our particular CA, that uses a DSA key. >>I've never been able to reproduce the problem creating new CA with an rsa key; The NSS PEM module only supports RSA. I suspect this may be reason. Since RHEL 6.3 External Beta has begun, and this bug remains unresolved, it has been rejected as it is not proposed as exception or blocker. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux. This would be a request for a new feature, support for DSA in the PEM module. For RHEL-6.5 we must concentrate on several fixing defects on existing features only and cannot afford introduce new features as this request actually is. I recommend deferring this to RHEL-6.6. We do not plan to address this in RHEL 6.x. We will need to look at addressing this as a part of a larger PEM module cleanup effort for RHEL 7.x. Pushing this out to RHEL 7.x so we can evaluate when it should be fixed there. |