Description of problem: Enhancement request to provide page size used during CRL generation as configuration parameter. Version-Release number of selected component (if applicable): 1.0 How reproducible: N/A Steps to Reproduce: N/A Actual results: Expected results: Above parameter will allow to tune CRL generation. Additional info:
Created attachment 304671 [details] CRL page size tunable parameter
+ mharmsen - attachment (id=304671) - update the release number and changelog comment in the pki/linux/ca and pki/linux/common specfiles.
Created attachment 304677 [details] spec diffs
+ mharmsen attachment (id=304677) - one suggestion; always place "bugzilla"/"Bugzilla" in front of the bug # so that we know which bug system was being utilized
pki/base/ca/src/com/netscape/ca[50] svn commit CRLIssuingPoint.java Sending CRLIssuingPoint.java Transmitting file data . Committed revision 30. pki/base/common/src/com/netscape/certsrv/ca[54] svn commit ICertificateAuthority.java Sending ICertificateAuthority.java Transmitting file data . Committed revision 31. pki/linux/common[58] svn commit pki-common.spec Sending pki-common.spec Transmitting file data . Committed revision 32. pki/linux/ca[60] svn commit pki-ca.spec Sending pki-ca.spec Transmitting file data . Committed revision 33.
Please add steps to verify this bug. Thank you
here's the steps, I think... 1 - generate a CRL that has like 10 revoked certs 2 - edit CS.cfg to have ca.crl.MasterCRL.pageSize=2 3 - restart ca 4 - goto the ca Agent Page -> Display CRL -> MasterCRL -> Entire CRL. See if the UI allows you to page through the 10 entries 2 at a time.
1. set ca.crl.MasterCRL.pageSize=2 and restarted ca 2. With 6 revoked certificates on CRL 3. Updated CRL 4. from ca Agent page displayed entire CRL 5. All 6 were listed, not open to page through 2 at a time.
Sorry. Change of instructions. 1 - set CS.cfg to have ca.crl.pageSize=1 2 - restart ca 3 - generate a CRL that has like 10 revoked certs 4 - watch CA debug log ... you will see the following line "CRL Page Size:" make sure number matches your config setting. This is enough to verify the bug. But I would like to see how the VLV search is in turn constructed by looking at the slapd logs... and we should probably decipher that vlv search and ensure this pageSize is actually fed in for the search
Verified: 1. set page size to 2 and restarted ca Debug log: [06/Jul/2009:12:44:35][main]: CRL Page Size: 2 2. update CRL - clear cache enabled. DS access log: [root@qe-blade-11 installscripts]# tail -f /var/log/dirsrv/slapd-qe-blade-11/access [06/Jul/2009:12:46:36 -0400] conn=137 op=11 SRCH base="ou=certificateRepository, ou=ca, dc=qe-blade-11.idm.lab.bos.redhat.com-pki-ca" scope=1 filter="(certStatus=REVOKED)" attrs="serialno revInfo objectClass" [06/Jul/2009:12:46:36 -0400] conn=137 op=11 SORT serialno (0) [06/Jul/2009:12:46:36 -0400] conn=137 op=11 VLV 0:2:A 0:0 (0) vlv is 2.