Bug 733440 - [RFE] add option to allow server to start with an expired certificate
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: 389-ds-base
Version: 6.2
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: rc
Assignee: Rich Megginson
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On: 728592
Blocks: 690318 728950
Reported: 2011-08-25 17:37 UTC by Rich Megginson
Modified: 2015-01-04 23:50 UTC

Fixed In Version: 389-ds-base-1.2.9.8-1.el6
Doc Type: Enhancement
Doc Text:
Clone Of: 728592
Environment:
Last Closed: 2011-12-06 17:56:09 UTC


Links
System ID: Red Hat Product Errata RHEA-2011:1711
Priority: normal
Status: SHIPPED_LIVE
Summary: 389-ds-base bug fix and enhancement update
Last Updated: 2011-12-06 01:02:20 UTC

Description Rich Megginson 2011-08-25 17:37:44 UTC
This was fixed after 1.2.9.6 so not included in the rebase, so it has been cloned.

+++ This bug was initially created as a clone of Bug #728592 +++

Description of problem:

389-ds is the heart of IPA and in order to renew any certificate it needs to be up and running. We therefore need an option in dse.ldif to allow 389-ds to launch even if its certificate is expired, understanding that proper SSL clients will not communicate with it.

This relates to IPA ticket https://fedorahosted.org/freeipa/ticket/1576

--- Additional comment from rmeggins@redhat.com on 2011-08-08 11:33:46 EDT ---

What is the severity?  What is the timeframe you need a solution by?
also see my comments in the ticket

--- Additional comment from nkinder@redhat.com on 2011-08-23 17:25:14 EDT ---

Created attachment 519524
Patch

--- Additional comment from nkinder@redhat.com on 2011-08-23 17:46:21 EDT ---

Pushed patch to master.  Thanks to Noriko and Rich for their reviews!

Counting objects: 21, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (11/11), done.
Writing objects: 100% (11/11), 2.09 KiB, done.
Total 11 (delta 9), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   96663b0..971dded  master -> master

--- Additional comment from nkinder@redhat.com on 2011-08-23 17:50:40 EDT ---

Pushed patch to 389-ds-base-1.2.9 branch:

Counting objects: 21, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (11/11), done.
Writing objects: 100% (11/11), 2.09 KiB, done.
Total 11 (delta 9), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   c0b0ef8..5ff4af3  129-local -> 389-ds-base-1.2.9

Comment 2 Amita Sharma 2011-10-13 09:42:48 UTC
Bug test is automated under the SSL test suite and test cases are passing, hence marking as VERIFIED.

Comment 3 errata-xmlrpc 2011-12-06 17:56:09 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2011-1711.html

