Bug 1392582 - foward port NSS OCSP cache settings
Summary: foward port NSS OCSP cache settings
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: mod_nss
Version: 7.4
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: Abhijeet Kasurde
Vladimír Slávik
Depends On: 1390359 1451576
Blocks: 1399979
TreeView+ depends on / blocked
Reported: 2016-11-07 19:55 UTC by Matthew Harmsen
Modified: 2020-05-14 15:23 UTC (History)
7 users (show)

Fixed In Version: mod_nss-1.0.14-8.el7
Doc Type: Release Note
Doc Text:
New cache configuration options for *mod_nss* This update adds new options to control cahing of OCSP responses to the *mod_nss* module. The new options allow the user to control: * Time to wait for OCSP responses * Size of the OCSP cache * Minimum and maximum duration for an item's presence in cache, including not caching at all
Clone Of: 1390359
Last Closed: 2017-08-01 16:53:57 UTC
Target Upstream Version:

Attachments (Terms of Use)
console.log (23.76 KB, text/plain)
2017-05-23 12:25 UTC, Abhijeet Kasurde
no flags Details

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2009 0 normal SHIPPED_LIVE mod_nss bug fix update 2017-08-01 17:58:50 UTC

Comment 7 Abhijeet Kasurde 2017-05-17 05:37:09 UTC
Unable to generate certificate using `ipa cert-request` command. Marking this BZ as failed QA.

[root@master1 ~]# openssl req -new -sha256 -key testuser1.key -out testuser1.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:MH
Locality Name (eg, city) [Default City]:PUNE
Organization Name (eg, company) [Default Company Ltd]:RED HAT
Organizational Unit Name (eg, section) []:QE
Common Name (eg, your name or your server's hostname) []:testuser1
Email Address []:testuser1

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@master1 ~]# ipa cert-request testuser1.csr --principal=testuser1
ipa: ERROR: invalid 'csr': DN emailAddress does not match any of user's email addresses

IPA version:: ipa-server-4.5.0-11.el7.x86_64

Comment 8 Abhijeet Kasurde 2017-05-17 06:11:22 UTC
Moving back to ON_QA. This depends on #1451576

Comment 9 Abhijeet Kasurde 2017-05-23 12:24:52 UTC
Verified using mod_nss version :: mod_nss-1.0.14-10.el7.x86_64

Marking BZ as verified. See attachment for console.log.

Comment 10 Abhijeet Kasurde 2017-05-23 12:25:21 UTC
Created attachment 1281534 [details]

Comment 11 errata-xmlrpc 2017-08-01 16:53:57 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.