rpms / sssd

Clone
Source Code
GIT

Blame SOURCES/0088-Revert-p11_child-make-sure-OCSP-checks-are-done.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   ced1f5999da391400b61715bbeadd618c57a1623
  2.   SOURCES
  3.   0088-Revert-p11_child-make-sure-OCSP-checks-are-done.patch
Blob History Raw
ced1f5 
From 424aa780fbb645214b92cf09f23c905b93bdf267 Mon Sep 17 00:00:00 2001
ced1f5 
From: Sumit Bose <sbose@redhat.com>
ced1f5 
Date: Tue, 12 Dec 2017 15:28:27 +0100
ced1f5 
Subject: [PATCH 88/89] Revert "p11_child: make sure OCSP checks are done"
ced1f5 
MIME-Version: 1.0
ced1f5 
Content-Type: text/plain; charset=UTF-8
ced1f5 
Content-Transfer-Encoding: 8bit
ced1f5
ced1f5 
This reverts commit 2297cc7d6cd5c38a7d64027165e4e82ca497f418.
ced1f5
ced1f5 
Reviewed-by: Fabiano FidĂȘncio <fidencio@redhat.com>
ced1f5 
(cherry picked from commit c221b5fb4d3fc511cebcae2f042e43fb1c577bc7)
ced1f5 
---
ced1f5 
 src/p11_child/p11_child_nss.c | 17 -----------------
ced1f5 
 1 file changed, 17 deletions(-)
ced1f5
ced1f5 
diff --git a/src/p11_child/p11_child_nss.c b/src/p11_child/p11_child_nss.c
ced1f5 
index bf533f3efe4d680f4c6dbd10a0d2c5a5da371c67..21c508eb1b1b68b3606d0a5eed36573b01f27a19 100644
ced1f5 
--- a/src/p11_child/p11_child_nss.c
ced1f5 
+++ b/src/p11_child/p11_child_nss.c
ced1f5 
@@ -338,23 +338,6 @@ int do_work(TALLOC_CTX *mem_ctx, const char *nss_db,
ced1f5 
                       PR_GetError(), PORT_ErrorToString(PR_GetError()));
ced1f5 
                 continue;
ced1f5 
             }
ced1f5 
-
ced1f5 
-            /* with 'certificateUsageCheckAllUsages' set
ced1f5 
-             * CERT_VerifyCertificateNow() does not do OCSP so it must be done
ced1f5 
-             * explicitly */
ced1f5 
-            if (cert_verify_opts->do_ocsp) {
ced1f5 
-                rv = CERT_CheckOCSPStatus(handle, cert_list_node->cert,
ced1f5 
-                                          PR_Now(), NULL);
ced1f5 
-                if (rv != SECSuccess) {
ced1f5 
-                    DEBUG(SSSDBG_OP_FAILURE,
ced1f5 
-                          "Certificate [%s][%s] failed OCSP check [%d][%s], "
ced1f5 
-                          "skipping.\n",
ced1f5 
-                          cert_list_node->cert->nickname,
ced1f5 
-                          cert_list_node->cert->subjectName,
ced1f5 
-                          PR_GetError(), PORT_ErrorToString(PR_GetError()));
ced1f5 
-                    continue;
ced1f5 
-                }
ced1f5 
-            }
ced1f5 
         }
ced1f5
ced1f5 
         if (key_id_in != NULL) {
ced1f5 
--
ced1f5 
2.14.3
ced1f5

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation