728592 – RFE: add option to allow server to start with an expired certificate

Bug 728592 - RFE: add option to allow server to start with an expired certificate

Summary: RFE: add option to allow server to start with an expired certificate

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	389
Classification:	Retired
Component:	Security - SSL
Sub Component:
Version:	1.2.9
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Nathan Kinder
QA Contact:	Viktor Ashirov
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	690318 389_1.2.9 728950 733440
TreeView+	depends on / blocked

Reported:	2011-08-05 17:58 UTC by Rob Crittenden
Modified:	2015-12-07 17:08 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Clones:	733440 (view as bug list)
Environment:
Last Closed:	2015-12-07 17:08:51 UTC
Embargoed:

Attachments	(Terms of Use)
Patch (11.58 KB, patch) 2011-08-23 21:25 UTC, Nathan Kinder	nhosoi: review+ rmeggins: review+	Details \| Diff
View All

Description Rob Crittenden 2011-08-05 17:58:05 UTC

Description of problem:

389-ds is the heart of IPA and in order to renew any certificate it needs to be up and running. We therefore need an option in dse.ldif to allow 389-ds to launch even if its certificate is expired, understanding that proper SSL clients will not communicate with it.

This relates to IPA ticket https://fedorahosted.org/freeipa/ticket/1576

Comment 1 Rich Megginson 2011-08-08 15:33:46 UTC

What is the severity?  What is the timeframe you need a solution by?
also see my comments in the ticket

Comment 2 Nathan Kinder 2011-08-23 21:25:14 UTC

Created attachment 519524 [details]
Patch

Comment 3 Nathan Kinder 2011-08-23 21:46:21 UTC

Pushed patch to master.  Thanks to Noriko and Rich for their reviews!

Counting objects: 21, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (11/11), done.
Writing objects: 100% (11/11), 2.09 KiB, done.
Total 11 (delta 9), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   96663b0..971dded  master -> master

Comment 4 Nathan Kinder 2011-08-23 21:50:40 UTC

Pushed patch to 389-ds-base-1.2.9 branch:

Counting objects: 21, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (11/11), done.
Writing objects: 100% (11/11), 2.09 KiB, done.
Total 11 (delta 9), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   c0b0ef8..5ff4af3  129-local -> 389-ds-base-1.2.9

Comment 9 Amita Sharma 2011-09-26 09:47:42 UTC

Successfully Verified this as a subset of other bug.
Hence marking as VERIFIED.

Note You need to log in before you can comment on or make changes to this bug.