Bug 1469432 - CMC plugin default change
CMC plugin default change
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pki-core (Show other bugs)
7.4
All Linux
urgent Severity urgent
: rc
: ---
Assigned To: RHCS Maintainers
Asha Akkiangady
: ZStream
: 1470948 (view as bug list)
Depends On: 1466486
Blocks: CVE-2017-7537
  Show dependency treegraph
 
Reported: 2017-07-11 05:25 EDT by Jaroslav Reznik
Modified: 2017-08-01 07:31 EDT (History)
7 users (show)

See Also:
Fixed In Version: pki-core-10.4.1-11.el7
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1466486
Environment:
Last Closed: 2017-08-01 07:31:47 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jaroslav Reznik 2017-07-11 05:25:24 EDT
This bug has been copied from bug #1466486 and has been proposed to be backported to 7.4 z-stream (EUS).
Comment 7 Dhiru Kholia 2017-07-21 06:40:57 EDT
*** Bug 1470948 has been marked as a duplicate of this bug. ***
Comment 8 Geetika Kapoor 2017-07-25 07:56:56 EDT
Test Build:
==========
rpm -qa pki-*
pki-console-10.4.1-5.el7pki.noarch
pki-javadoc-10.4.1-11.el7.noarch
pki-symkey-10.4.1-11.el7.x86_64
pki-tools-10.4.1-11.el7.x86_64
pki-base-10.4.1-11.el7.noarch
pki-kra-10.4.1-11.el7.noarch
pki-server-10.4.1-11.el7.noarch
pki-ocsp-10.4.1-10.el7pki.noarch
pki-base-java-10.4.1-11.el7.noarch
pki-ca-10.4.1-11.el7.noarch
pki-tps-10.4.1-10.el7pki.x86_64
pki-tks-10.4.1-10.el7pki.noarch
pki-core-debuginfo-10.4.1-11.el7.x86_64


Test Cases:
-----------

Test Case 1:
===========
 When cmc.revokeCert.sharedSecret.class and cmc.sharedSecret.class are not present in CS.cfg

1. Install CA with new bits i.e pki-ca-10.4.1-11.el7.noarch.
2. Verified by default CS.cfg doesn't have:
cmc.revokeCert.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
cmc.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
3. perform one CMC test and see how it works if above two properties are missing from CA's CS.cfg.

<snip output>
Number of controls is 1
Control #0: CMCStatusInfo
   OID: {1 3 6 1 5 5 7 7 1}
   BodyList: 0 
   Status String: Proof-of-Identification Verification Failed after verifyIdentityProofV2
   OtherInfo type: FAIL
</snip output>

Test Case 2: Add the two properties manually in CS.cfg and restart CA.
===========

1. Add the two properties manually in CS.cfg and make sure CMC tests worked.
2. Features tested and verified as part of this testing:

-- User-signed CMC requests Example (with PopLinkWitnessV2)
-- Self-Signed CMC Request Example (with IdentityProofV2)
-- User-signed CMC request Without POP (Encrypted POP / Decrypted POP)
-- User-Signed CMC Renewal Request

I have tried to cover basic sanity testing for CMC.Please revert if you think any other test case I need to cover as part of this testing.
Comment 11 Geetika Kapoor 2017-07-26 00:10:27 EDT
Marking bug as verified.
Comment 13 errata-xmlrpc 2017-08-01 07:31:47 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2335

Note You need to log in before you can comment on or make changes to this bug.