389e2ee p11_child: add 'soft_ocsp' and 'soft_crl' options

11 files Authored by sbose 4 years ago, Committed by pbrezina 4 years ago,
    p11_child: add 'soft_ocsp' and 'soft_crl' options
    
    To make the checks for revoked certificates more flexible if the system
    is offline this patch adds the new values for the
    'certificate_verification' option. With 'soft_ocsp' the OCSP check is
    skipped if the OCSP responder cannot be connected. With 'soft_crl' an
    expired CRL will be ignored.
    
    If a certificate is considered valid due to one of those options a
    syslog message is generated to indicate that the certificate was allowed
    because the check if the certificate was revoked was ignored.
    
    Related to https://pagure.io/SSSD/sssd/issue/3677
    
    Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
    

file modified: +2 -0
file modified: +11 -0
file modified: +30 -0
file modified: +2 -0
file modified: +339 -0
file modified: +29 -3