Attempts to load CRL (Base64) file to DS fails. - Open DS console - Open Directory Server Instance - goto manage certificates - goto revoked certs - Click on Add - Point to a CRL base64 encoded file that's located under /etc/dirsrv/slapd-<instance-name>/ Console complains that it can't locate the file. - Copy the CRL base64 encoded file to /etc/dirsrv/admin-serv/ Console is now able to load the crl file. Expected Results: - CRL file should be placed at the instance config level and not at the admin server level. We could release note this for DS8.0 but fix the path issue in 8.1
Created attachment 327005 [details] diffs
Created attachment 327016 [details] cvs commit log Reviewed by: nhosoi (Thanks!) Fix Description: The main problem was that it was not using the getSecurityDir function to get the security dir based on the SIE passed in. This function is called in main after getting the SIE. I changed the code to set this value in a static variable that can be used throughout the program. In addition, I found and fixed some other bugs related to CRL handling: 1) The code did not work with ASCII CRLs generated by newer versions of crlutil which use the BEGIN CRL header. I added processing for that header type. 2) The code did not handle date/time in generalized time format. I added code to format the date/time based on the type of date/time stored in the CRL. Platforms tested: RHEL5 Flag Day: no Doc impact: no
Created attachment 338036 [details] crl file
attempting to import attached crl file from /etc/dirsrv/slapd-ID/ /etc/dirsrv/admin-serv/ /tmp/ All are resulting in file not found error.
crl file must reside in /etc/dirsrv/slapd-ID/ and input only file name - not full path. Entering only file name works. Verified RHEL 5 DS 8.1
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-0455.html