
[Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file #6086

Closed
sumit-bose opened this issue Mar 29, 2022 · 2 comments

@sumit-bose
Contributor

Description of problem:

The sssd.conf option crl_file=/PATH/TO/CRL/FILE provides support for one CRL PEM file (./src/p11_child/p11_child_common_utils.c).

There was a need for a configuration like this:

certificate_verification = no_ocsp,crl_file=/etc/sssd/pki/crl/combinedCRL4.pem,crl_file=/etc/sssd/pki/crl/combinedCRL3.pem,crl_file=/etc/sssd/pki/crl/combinedCRL2.pem

But only 1 CRL can be used:

certificate_verification = no_ocsp,crl_file=/etc/sssd/pki/crl/combinedCRL4.pem

Version-Release number of selected component (if applicable):
RHEL-8.3
sssd-2.3.0-9.el8.x86_64


@sumit-bose
Contributor Author

ikerexxe added a commit to ikerexxe/sssd that referenced this issue Apr 6, 2022
ikerexxe added a commit to ikerexxe/sssd that referenced this issue Apr 8, 2022
Enable support for more than one CRL PEM file. p11_child parses the
crl_file list passed as argument, and makes the verification using all
the files.

Moreover, add a new test case in the unit tests to check that the
p11_child crl_file argument has been parsed correctly.

Resolves: SSSD#6086

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
ikerexxe added a commit to ikerexxe/sssd that referenced this issue Apr 8, 2022
ikerexxe added a commit to ikerexxe/sssd that referenced this issue Apr 8, 2022
ikerexxe added a commit to ikerexxe/sssd that referenced this issue Apr 11, 2022
Enable support for more than one CRL PEM file. p11_child parses the
crl_file list passed as argument, loads all the files and makes the
validation.

Finally, add a new test case in test_utils to check that the p11_child
crl_file argument has been parsed correctly. Add another three test
cases in test_oam_srv to check the validation process.

Resolves: SSSD#6086

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
ikerexxe added a commit to ikerexxe/sssd that referenced this issue Apr 12, 2022
ikerexxe added a commit to ikerexxe/sssd that referenced this issue Apr 13, 2022
Enable support for more than one CRL PEM file. p11_child parses the
crl_file list passed as argument, loads all the files and makes the
validation.

Finally, add a new test case in test_utils to check that the p11_child
crl_file argument has been parsed correctly. Add another five test
cases in test_oam_srv to check the validation process.

Resolves: SSSD#6086

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
ikerexxe added a commit to ikerexxe/sssd that referenced this issue Apr 13, 2022
Enable support for more than one CRL PEM file. p11_child parses the
crl_file list passed as argument, loads all the files and makes the
validation.

Finally, add a new test case in test_utils to check that the p11_child
crl_file argument has been parsed correctly. Add another five test
cases in test_oam_srv to check the validation process.

:config: multiple crl_file arguments can be used in the
certificate_verification option.

Resolves: SSSD#6086

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
pbrezina pushed a commit that referenced this issue Apr 28, 2022
Enable support for more than one CRL PEM file. p11_child parses the
crl_file list passed as argument, loads all the files and makes the
validation.

Finally, add a new test case in test_utils to check that the p11_child
crl_file argument has been parsed correctly. Add another five test
cases in test_oam_srv to check the validation process.

:config: multiple crl_file arguments can be used in the
certificate_verification option.

Resolves: #6086

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit e83e106)
@pbrezina
Member

Pushed PR: #6104

  • master
    • e83e106 - p11_child: enable more than one CRL PEM file
  • sssd-2-7
    • 84e3a8d - p11_child: enable more than one CRL PEM file

@pbrezina pbrezina added the Closed: Fixed Issue was closed as fixed. label Apr 28, 2022
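
An added illustration (not SSSD's p11_child code and not part of this issue thread) of the behaviour the commit message describes: every crl_file= entry in a certificate_verification value is collected, instead of only one being kept. It handles only the two option names shown in the issue; the struct, the function names and the MAX_CRL_FILES limit are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_CRL_FILES 8            /* arbitrary limit chosen for this example */
#define KEY  "crl_file="
#define KLEN (sizeof(KEY) - 1)
struct cv_opts {
    int no_ocsp;                     /* 1 if "no_ocsp" was listed */
    size_t num_crl;                  /* number of crl_file= entries seen */
    char *crl_files[MAX_CRL_FILES];  /* heap copies, in configuration order */
};

void cv_opts_free(struct cv_opts *o) {
    for (size_t i = 0; i < o->num_crl; i++) free(o->crl_files[i]);
    memset(o, 0, sizeof(*o));
}

/* Returns 0 on success; -1 (with *o cleared) on an empty crl_file path,
 * too many files, a token this example does not handle, or no memory. */
int cv_opts_parse(const char *value, struct cv_opts *o) {
    memset(o, 0, sizeof(*o));
    for (const char *p = value; *p != '\0'; ) {
        size_t len = strcspn(p, ",");           /* length of current token */
        char *path = NULL;
        if (len == 7 && memcmp(p, "no_ocsp", 7) == 0) {
            o->no_ocsp = 1;
        } else if (len > KLEN && memcmp(p, KEY, KLEN) == 0
                   && o->num_crl < MAX_CRL_FILES
                   && (path = malloc(len - KLEN + 1)) != NULL) {
            memcpy(path, p + KLEN, len - KLEN);
            path[len - KLEN] = '\0';
            o->crl_files[o->num_crl++] = path;  /* append, never overwrite */
        } else {
            cv_opts_free(o);
            return -1;
        }
        p += len + (p[len] == ',');             /* step over the separator */
    }
    return 0;
}

int main(void) {
    struct cv_opts o;                /* constructed two-file sample value */
    int rc = cv_opts_parse("no_ocsp,crl_file=/etc/a.pem,crl_file=/etc/b.pem", &o);
    for (size_t i = 0; rc == 0 && i < o.num_crl; i++) puts(o.crl_files[i]);
    cv_opts_free(&o);
    return rc != 0;
}
```

Rejecting an empty `crl_file=` path outright, rather than skipping it, keeps a typo in the option from silently reducing the set of CRLs that get checked.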