Bug 623494 - CRL cert "next update time" seems to be hardcoded for 24hr
Summary: CRL cert "next update time" seems to be hardcoded for 24hr
Status: CLOSED NOTABUG
Alias: None
Product: Candlepin
Classification: Community
Component: candlepin   
(Show other bugs)
Version: 0.5
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Dmitri Dolguikh
QA Contact: wes hayutin
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-08-11 22:39 UTC by wes hayutin
Modified: 2015-05-14 15:23 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-09-21 15:29:29 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description wes hayutin 2010-08-11 22:39:04 UTC
pinsetter.org.fedoraproject.candlepin.pinsetter.tasks.CertificateRevocationListTask.schedule = 0 0/3 * * * ?


Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: /CN=10.16.120.131/C=US/L=Raleigh
        Last Update: Aug 11 22:33:00 2010 GMT
        Next Update: Aug 12 22:33:00 2010 GMT
        CRL extensions:
            X509v3 Authority Key Identifier: 
                keyid:76:5F:97:A5:C4:B8:A5:0F:BA:E8:E1:18:A9:35:71:FD:8F:B0:90:67
                DirName:/CN=10.16.120.131/C=US/L=Raleigh
                serial:80:D4:49:9D:A0:18:29:B4

            X509v3 CRL Number: 
                10


Shouldnt the "Next Update:" reflect the actual setting in candlepin.conf?
Not sure if this is by design, but I wanted to double check and open a bug.

Comment 1 Dmitri Dolguikh 2010-09-21 15:29:29 UTC
From rfc 3280:

5.1.2.5  Next Update

   This field indicates the date by which the next CRL will be issued.
   The next CRL could be issued before the indicated date, but it will
   not be issued any later than the indicated date.  CRL issuers SHOULD
   issue CRLs with a nextUpdate time equal to or later than all previous
   CRLs.  nextUpdate may be encoded as UTCTime or GeneralizedTime.

The above behaviour is not a bug according to RFC.


Note You need to log in before you can comment on or make changes to this bug.