freeipa

Clone
Source Code
GIT

e0b32da Turn on NSSOCSP check in mod_nss conf

5 files Authored by pvomacka 6 years ago, Committed by tkrizek 6 years ago,
raw patch tree parent
5 files changed. 73 lines added. 1 lines removed.
freeipa.spec.in
file modified
+4 -0
install/restart_scripts/restart_httpd
file modified
+13 -1
ipaserver/install/httpinstance.py
file modified
+30 -0
ipaserver/install/server/upgrade.py
file modified
+25 -0
ipaserver/setup.py
file modified
+1 -0 
    Turn on NSSOCSP check in mod_nss conf
    
    Turn on NSSOCSP directive during install/replica install/upgrade.
    That check whether the certificate which is used for login is
    revoked or not using OSCP.
    
    Marks the server cert in httpd NSS DB as trusted peer ('P,,')
    to avoid chicken and egg problem when it is needed to contact
    the OCSP responder when httpd is starting.
    
    https://pagure.io/freeipa/issue/6370
    
    Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
    Reviewed-By: Jan Cholasta <jcholast@redhat.com>
    Reviewed-By: Martin Basti <mbasti@redhat.com>
file modified
+4 -0
file modified
+13 -1
file modified
+30 -0
file modified
+25 -0
file modified
+1 -0
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.