Bug 426439 - Unable to load CRL file for a DS instance - when its placed under /etc/dirsrv/slapd-INSTANCE
Unable to load CRL file for a DS instance - when its placed under /etc/dirsrv...
Product: Red Hat Directory Server
Classification: Red Hat
Component: UI - Configuration (Show other bugs)
All Linux
high Severity high
: DS8.1
: ---
Assigned To: Rich Megginson
Chandrasekar Kannan
Depends On:
Blocks: 249650 FDS1.2.0
  Show dependency treegraph
Reported: 2007-12-20 19:25 EST by Chandrasekar Kannan
Modified: 2015-01-04 18:29 EST (History)
5 users (show)

See Also:
Fixed In Version: 8.1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-04-29 19:01:31 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
diffs (10.53 KB, patch)
2008-12-15 14:11 EST, Rich Megginson
no flags Details | Diff
cvs commit log (175 bytes, text/plain)
2008-12-15 15:07 EST, Rich Megginson
no flags Details
crl file (2.32 MB, text/plain)
2009-04-03 09:10 EDT, Jenny Galipeau
no flags Details

  None (edit)
Description Chandrasekar Kannan 2007-12-20 19:25:09 EST
Attempts to load CRL (Base64) file to DS fails.

- Open DS console
- Open Directory Server Instance
- goto manage certificates
- goto revoked certs
- Click on Add
- Point to a CRL base64 encoded file that's located under 

Console complains that it can't locate the file.

- Copy the CRL base64 encoded file to 

Console is now able to load the crl file.

Expected Results:
 - CRL file should be placed at the instance config level
   and not at the admin server level.

We could release note this for DS8.0 but fix the path issue
in 8.1
Comment 1 Rich Megginson 2008-12-15 14:11:07 EST
Created attachment 327005 [details]
Comment 2 Rich Megginson 2008-12-15 15:07:25 EST
Created attachment 327016 [details]
cvs commit log

Reviewed by: nhosoi (Thanks!)
Fix Description: The main problem was that it was not using the getSecurityDir function to get the security dir based on the SIE passed in.  This function is called in main after getting the SIE.  I changed the code to set this value in a static variable that can be used throughout the program.
In addition, I found and fixed some other bugs related to CRL handling:
1) The code did not work with ASCII CRLs generated by newer versions of crlutil which use the BEGIN CRL header.  I added processing for that header type.
2) The code did not handle date/time in generalized time format.  I added code to format the date/time based on the type of date/time stored in the CRL.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
Comment 3 Jenny Galipeau 2009-04-03 09:10:09 EDT
Created attachment 338036 [details]
crl file
Comment 4 Jenny Galipeau 2009-04-03 09:11:19 EDT
attempting to import attached crl file from 
All are resulting in file not found error.
Comment 5 Jenny Galipeau 2009-04-03 11:46:38 EDT
crl file must reside in /etc/dirsrv/slapd-ID/ and input only file name - not full path.

Entering only file name works.  
Verified RHEL 5 DS 8.1
Comment 6 Chandrasekar Kannan 2009-04-29 19:01:31 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.