Bug 1098208 - Rebase certmonger to include the ability to add IPA CA cert to NSS database (and files)
Summary: Rebase certmonger to include the ability to add IPA CA cert to NSS database (...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: certmonger
Version: 6.5
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
: ---
Assignee: Nalin Dahyabhai
QA Contact: Kaleem
URL:
Whiteboard:
Depends On: 759545 767700 817405
Blocks: 1103090
TreeView+ depends on / blocked
 
Reported: 2014-05-15 13:28 UTC by Nalin Dahyabhai
Modified: 2015-04-07 09:45 UTC (History)
8 users (show)

Fixed In Version: certmonger-0.75.2-1.el6
Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
Clone Of: 767700
Environment:
Last Closed: 2014-10-14 07:12:39 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2014:1512 0 normal SHIPPED_LIVE certmonger bug fix and enhancement update 2014-10-14 01:22:25 UTC

Description Nalin Dahyabhai 2014-05-15 13:28:28 UTC
One of the uses cases we're trying to address in the next update is this one, which is a specific instance of the general problem of fetching and storing the certificates of a CA's root certificate that we trust, along with any that are between that root and the certificates that the CA issues to us.

Adding logic to delegate this out to per-CA helpers, run them, cache their results internally, and add options to the 'getcert' commands which let people control where we actually store them is turning out to be a rather large patchset, to the point where I'd be much more comfortable if we rebased the package.

Comment 3 Kaleem 2014-08-22 05:40:05 UTC
Verified.

certmonger version:
===================
[root@rhel66-master ~]# rpm -q certmonger
certmonger-0.75.13-1.el6.x86_64
[root@rhel66-master ~]

Snip from beaker automation log:
================================
   [   PASS   ]      TC1_getcert_request   Valid location with -F parameter
   [   PASS   ]      TC2_getcert_request   Invalid location with -F parameter
   [   PASS   ]      TC3_getcert_request   empty -F parameter
   [   PASS   ]      TC4_getcert_request   CA already exist in provided file location
   [   PASS   ]      TC5_getcert_request   Valid nss db location
   [   PASS   ]      TC6_getcert_request   Invalid nss db location
   [   PASS   ]      TC7_getcert_request   Empty nss db location
   [   PASS   ]      TC8_getcert_request   CA already exists
   [   PASS   ]      TC9_getcert_resubmit   Valid location with -F parameter
   [   PASS   ]      TC10_getcert_resubmit   Invalid location with -F parameter
   [   PASS   ]      TC11_getcert_resubmit   empty -F parameter
   [   PASS   ]      TC12_getcert_resubmit   CA already exist in provided file location
   [   PASS   ]      TC13_getcert_resubmit   Valid location with -a parameter
   [   PASS   ]      TC14_getcert_resubmit   Invalid location with -a parameter
   [   PASS   ]      TC15_getcert_resubmit   empty -a parameter
   [   PASS   ]      TC16_getcert_resubmit   CA already exist in provided nss db location
   [   PASS   ]      TC17_getcert_start_tracking   Valid location with -F parameter
   [   PASS   ]      TC18_getcert_start_tracking   Invalid location with -F parameter
   [   PASS   ]      TC19_getcert_start_tracking   empty -F parameter
   [   PASS   ]      TC20_getcert_start_tracking   CA already exist in provided file location
   [   PASS   ]      TC21_getcert_start_tracking   Valid location with -a parameter
   [   PASS   ]      TC22_getcert_start_tracking   Invalid location with -a parameter
   [   PASS   ]      TC23_getcert_start_tracking   empty -a parameter
   [   PASS   ]      TC24_getcert_start_tracking   CA already exist in provided nss db location

Comment 4 errata-xmlrpc 2014-10-14 07:12:39 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1512.html


Note You need to log in before you can comment on or make changes to this bug.