Bug 1012655 - (this bug is unnecessary if rebase bug 1012656 gets approved) - RHEL 7 initial release should reject MD5 based signatures in OCSP responses
(this bug is unnecessary if rebase bug 1012656 gets approved) - RHEL 7 initia...
Status: CLOSED DUPLICATE of bug 1012656
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: nss (Show other bugs)
7.0
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Elio Maldonado Batiz
BaseOS QE Security Team
: Rebase
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-09-26 15:59 EDT by Kai Engert (:kaie)
Modified: 2013-11-13 05:03 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-10-21 12:27:38 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Kai Engert (:kaie) 2013-09-26 15:59:10 EDT
upstream NSS 3.15.2 includes a fix, that will reject MD5 signatures in OCSP responses.

We should include that fix in the initial release of RHEL7, to avoid that customers might potentially later complain about a change of behaviour.

Two options:
- either pick up NSS 3.15.2 for RHEL 7 initial release
- or add the patch from https://bugzilla.mozilla.org/show_bug.cgi?id=663313

The fix is inside the main NSS package (not softokn, not util)
Comment 2 Kai Engert (:kaie) 2013-09-26 16:51:31 EDT
We want to try to rather rebase RHEL 7 to NSS 3.15.2

Should rebase bug 1012656 get approved, this bug is unnecessary.
Comment 3 Elio Maldonado Batiz 2013-10-21 12:20:36 EDT
Kai is right. We could make that other one a blocker of this one or close this one. In any event, it's been in my plans to work on the rebase this week.
Comment 4 Kai Engert (:kaie) 2013-10-21 12:27:38 EDT
(In reply to Elio Maldonado Batiz from comment #3)
> Kai is right. We could make that other one a blocker of this one or close
> this one. In any event, it's been in my plans to work on the rebase this
> week.

If you work on bug 1012656 (and it's two blocker bugs for nss-util and nss-softokn), then I'd set this bug to status "closed / duplicate of 1012656".
Comment 5 Kai Engert (:kaie) 2013-10-21 12:28:09 EDT

*** This bug has been marked as a duplicate of bug 1012656 ***
Comment 6 Douglas Silas 2013-11-11 13:55:12 EST
If this feature or issue should be documented in the Release or Technical Notes for RHEL 7.0 Beta, please select the correct Doc Type from the drop-down menu and enter a description in Doc Text.

For info about the differences between known issues, driver updates, deprecated functionality, release notes and Technology Previews, see:

https://engineering.redhat.com/docs/en-US/Policy/70.ecs/html-single/Describing_Errata_Release_and_Technical_Notes_for_Engineers/index.html#bh-known_issue

If you have questions, please email rhel-notes@redhat.com.
Comment 7 Elio Maldonado Batiz 2013-11-11 14:05:29 EST
Needed documentation will be supplied in the doc text for Bug 1012656.

Note You need to log in before you can comment on or make changes to this bug.