Red Hat Bugzilla – Bug 488380
Change "mod_revocator" to bind against "mozldap" rather than "openldap" . . .
Last modified: 2015-01-04 18:36:54 EST
For RHCS 8.0, revocation checking needs to be supplied for the "pki-ra" and "pki-tps" components. Since both of these components either are, or rely upon, Apache modules, a runtime requirement of "mod_revocator" will be added to both components to fulfill this need.
Currently, "mod_revocator" binds against "openldap" which uses "openssl"; "pki-ra" and "pki-tps" must use "nss" for their cryptographic processes, and therefore, it has been requested that "mod_revocator" be changed to bind against "mozldap" which uses "nss" to meet this requirement.
The question to answer is: Where is CRL?
If the answer is: in an LDAP attribute that I fetch using LDAPS then linking with mozldap may be the right thing to do.
If the answer is: at a web address then there is no explicit need to change the linkage (other than offering a choice).
Per a discussion between Rob, Christina, Andrew, and myself, we determined that we were not going down this path.
Rather, we will close this bug as WON'T FIX, and will create a new bug assigned to Rob to build mod_revocator for 32-bit/64-bit RHEL 5 using the latest NSS (3.12.x).