Bug 488380 - Change "mod_revocator" to bind against "mozldap" rather than "openldap" . . .
Change "mod_revocator" to bind against "mozldap" rather than "openldap" . . .
Status: CLOSED WONTFIX
Product: Dogtag Certificate System
Classification: Community
Component: TPS (Show other bugs)
1.0
All Linux
high Severity medium
: ---
: ---
Assigned To: Matthew Harmsen
Chandrasekar Kannan
:
Depends On:
Blocks: 443788
  Show dependency treegraph
 
Reported: 2009-03-03 18:19 EST by Matthew Harmsen
Modified: 2015-01-04 18:36 EST (History)
11 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-03-05 13:56:42 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Matthew Harmsen 2009-03-03 18:19:08 EST
For RHCS 8.0, revocation checking needs to be supplied for the "pki-ra" and "pki-tps" components.  Since both of these components either are, or rely upon, Apache modules, a runtime requirement of "mod_revocator" will be added to both components to fulfill this need.

Currently, "mod_revocator" binds against "openldap" which uses "openssl";  "pki-ra" and "pki-tps" must use "nss" for their cryptographic processes, and therefore, it has been requested that "mod_revocator" be changed to bind against "mozldap" which uses "nss" to meet this requirement.
Comment 1 Rob Crittenden 2009-03-03 19:41:42 EST
The question to answer is: Where is CRL?

If the answer is: in an LDAP attribute that I fetch using LDAPS then linking with mozldap may be the right thing to do.

If the answer is: at a web address then there is no explicit need to change the linkage (other than offering a choice).
Comment 2 Matthew Harmsen 2009-03-05 13:55:26 EST
Per a discussion between Rob, Christina, Andrew, and myself, we determined that we were not going down this path.

Rather, we will close this bug as WON'T FIX, and will create a new bug assigned to Rob to build mod_revocator for 32-bit/64-bit RHEL 5 using the latest NSS (3.12.x).

Note You need to log in before you can comment on or make changes to this bug.