#47943 Search nssVersion in 'cn=encryption,cn=config' can report wrong value
Closed: wontfix None Opened 9 years ago by tbordaz.

The test case is:

  • Create/start an instance
  • Update sslVersionMin=tls1.0 (a value different from the initial value)
  • ldapsearch "cn=encryption,cn=config" and check that the reported sslVersionMin != tls1.0 (it contains the initial value)
  • Check in dse.ldif that the sslVersionMin in "cn=encryption,cn=config" contains tls1.0
  • Restart the instance
  • ldapsearch "cn=encryption,cn=config" reports the new value tls1.0

The reason is that search_encryption reports sslVersion[Min|Max] from slapdNSSVersions.min|max that are set at startup.

A workaround is to restart the instance.
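A way to check for the mismatch described above without comparing the two values by eye (an added example, not part of the original ticket or of 389-ds-base): the script reads sslVersionMin for "cn=encryption,cn=config" from a saved search result and from a copy of dse.ldif and reports whether they differ. The file names, the sample LDIF and the TLS1.1 startup value are constructed, and comparing the values case-insensitively is an assumption.

```shell
#!/bin/sh
# Added example: compare sslVersionMin as reported by a live search with the
# value stored in dse.ldif. The sample LDIF below is constructed, not real output.

# ldif_attr DN ATTR < ldif : print the first value of ATTR in the entry DN.
# Unfolds continuation lines; base64 ("attr::") values are not decoded.
ldif_attr() {
    awk -v want_dn="$1" -v want_attr="$2" '
        function norm_dn(s) { s = tolower(s); gsub(/, +/, ",", s); return s }
        function emit(   i, name, val) {
            i = index(line, ":")
            if (line !~ /^#/ && i > 0) {
                name = tolower(substr(line, 1, i - 1))
                val = substr(line, i + 1); sub(/^ +/, "", val)
                if (name == "dn") in_entry = (norm_dn(val) == norm_dn(want_dn))
                else if (in_entry && !found && name == tolower(want_attr)) {
                    print val; found = 1
                }
            }
            line = ""
        }
        /^ / { line = line substr($0, 2); next }  # folded continuation line
        /^$/ { emit(); in_entry = 0; next }       # blank line ends the entry
        { emit(); line = $0 }
        END { emit() }'
}

# check_tls_min LIVE_LDIF DISK_LDIF : returns 0 = match, 1 = drift, 2 = missing.
# Values are lowercased first (assumption: TLS1.0 and tls1.0 mean the same).
check_tls_min() {
    dn="cn=encryption,cn=config"
    live=$(ldif_attr "$dn" sslVersionMin < "$1" | tr 'A-Z' 'a-z')
    disk=$(ldif_attr "$dn" sslVersionMin < "$2" | tr 'A-Z' 'a-z')
    if [ -z "$live" ] || [ -z "$disk" ]; then
        echo "MISSING live=$live disk=$disk"; return 2
    elif [ "$live" = "$disk" ]; then
        echo "OK sslVersionMin=$live"; return 0
    fi
    echo "DRIFT live=$live disk=$disk"; return 1
}

tmp=$(mktemp -d)
# Constructed search result: still shows the value loaded at startup.
printf 'dn: cn=encryption,cn=config\nsslVersionMin: TLS1.1\n' > "$tmp/live.ldif"
# Constructed dse.ldif excerpt: the updated value, with a folded DN line.
printf 'dn: cn=config\ncn: config\n\ndn: cn=encryption,\n cn=config\nsslVersionMin: tls1.0\n' > "$tmp/dse.ldif"
check_tls_min "$tmp/live.ldif" "$tmp/dse.ldif" || true
rm -rf "$tmp"
```

In practice the first argument would be the saved ldapsearch output for "cn=encryption,cn=config" and the second the instance's dse.ldif; a DRIFT result means the search is still showing the startup value.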


The SSL Version Range is set in slapd_ssl_init2, which is called from main at the startup.

The entry points for slapd_ssl_init and slapd_ssl_init2 are prepared in get_entry_point, but it looks like they are not called dynamically. That said, SSL Version's dynamic update is not implemented yet.

Making a dup of this ticket #47452 - configure NSS - add/remove keys, certs, settings - without server restart

Metadata Update from @nhosoi:
- Issue set to the milestone: N/A

7 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/1274

If you want to receive further updates on the issue, please navigate to the github issue
and click on the subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Duplicate)

3 years ago
