Red Hat Bugzilla – Bug 1012655
(this bug is unnecessary if rebase bug 1012656 gets approved) - RHEL 7 initial release should reject MD5 based signatures in OCSP responses
Last modified: 2013-11-13 05:03:23 EST
upstream NSS 3.15.2 includes a fix, that will reject MD5 signatures in OCSP responses.
We should include that fix in the initial release of RHEL7, to avoid that customers might potentially later complain about a change of behaviour.
- either pick up NSS 3.15.2 for RHEL 7 initial release
- or add the patch from https://bugzilla.mozilla.org/show_bug.cgi?id=663313
The fix is inside the main NSS package (not softokn, not util)
We want to try to rather rebase RHEL 7 to NSS 3.15.2
Should rebase bug 1012656 get approved, this bug is unnecessary.
Kai is right. We could make that other one a blocker of this one or close this one. In any event, it's been in my plans to work on the rebase this week.
(In reply to Elio Maldonado Batiz from comment #3)
> Kai is right. We could make that other one a blocker of this one or close
> this one. In any event, it's been in my plans to work on the rebase this
If you work on bug 1012656 (and it's two blocker bugs for nss-util and nss-softokn), then I'd set this bug to status "closed / duplicate of 1012656".
*** This bug has been marked as a duplicate of bug 1012656 ***
If this feature or issue should be documented in the Release or Technical Notes for RHEL 7.0 Beta, please select the correct Doc Type from the drop-down menu and enter a description in Doc Text.
For info about the differences between known issues, driver updates, deprecated functionality, release notes and Technology Previews, see:
If you have questions, please email email@example.com.
Needed documentation will be supplied in the doc text for Bug 1012656.