Bug 668887 - Switch on use of NSS for krb5 pkinit
Switch on use of NSS for krb5 pkinit
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: krb5 (Show other bugs)
Unspecified Unspecified
medium Severity medium
: rc
: ---
Assigned To: Nalin Dahyabhai
BaseOS QE Security Team
: FutureFeature
Depends On: 642417 668055 668882 668884 671266 710298
Blocks: 642407
  Show dependency treegraph
Reported: 2011-01-11 17:30 EST by Nalin Dahyabhai
Modified: 2015-04-03 08:45 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-04-03 08:45:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Nalin Dahyabhai 2011-01-11 17:30:33 EST
The krb5 pkinit plugin currently uses OpenSSL to create and parse CMS messages, parse and verify certificates, and generally perform its public key operations.  The logic which uses OpenSSL directly is confined to a number of functions exported from one source file.  We should finish implementing the same functions using NSS and build using that implementation instead of the one that uses OpenSSL.

Note You need to log in before you can comment on or make changes to this bug.