[Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file #6086
Bugzilla Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1927553
ikerexxe added a commit to ikerexxe/sssd that referenced this issue Apr 6, 2022

Enable support for more than one CRL PEM file. p11_child parses the crl_file list passed as argument, and makes the verification using all the files. Moreover, add a new test case in the unit tests to check that the p11_child crl_file argument has been parsed correctly.
Resolves: SSSD#6086
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
ikerexxe added a commit to ikerexxe/sssd that referenced this issue Apr 8, 2022

Enable support for more than one CRL PEM file. p11_child parses the crl_file list passed as argument, loads all the files and makes the validation. Finally, add a new test case in test_utils to check that the p11_child crl_file argument has been parsed correctly. Add another three test cases in test_oam_srv to check the validation process.
Resolves: SSSD#6086
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
ikerexxe added a commit to ikerexxe/sssd that referenced this issue Apr 12, 2022

Enable support for more than one CRL PEM file. p11_child parses the crl_file list passed as argument, loads all the files and makes the validation. Finally, add a new test case in test_utils to check that the p11_child crl_file argument has been parsed correctly. Add another five test cases in test_oam_srv to check the validation process.
Resolves: SSSD#6086
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
ikerexxe added a commit to ikerexxe/sssd that referenced this issue Apr 13, 2022

Enable support for more than one CRL PEM file. p11_child parses the crl_file list passed as argument, loads all the files and makes the validation. Finally, add a new test case in test_utils to check that the p11_child crl_file argument has been parsed correctly. Add another five test cases in test_oam_srv to check the validation process.
:config: multiple crl_file arguments can be used in the certificate_verification option.
Resolves: SSSD#6086
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
pbrezina pushed a commit that referenced this issue Apr 28, 2022

Enable support for more than one CRL PEM file. p11_child parses the crl_file list passed as argument, loads all the files and makes the validation. Finally, add a new test case in test_utils to check that the p11_child crl_file argument has been parsed correctly. Add another five test cases in test_oam_srv to check the validation process.
:config: multiple crl_file arguments can be used in the certificate_verification option.
Resolves: #6086
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit e83e106)
Description of problem:
The sssd.conf option crl_file=/PATH/TO/CRL/FILE provides support for one CRL PEM file (./src/p11_child/p11_child_common_utils.c).
There was a need for a configuration like this:
certificate_verification = no_ocsp,crl_file=/etc/sssd/pki/crl/combinedCRL4.pem,crl_file=/etc/sssd/pki/crl/combinedCRL3.pem,crl_file=/etc/sssd/pki/crl/combinedCRL2.pem
But only 1 CRL can be used:
certificate_verification = no_ocsp,crl_file=/etc/sssd/pki/crl/combinedCRL4.pem
Version-Release number of selected component (if applicable):
RHEL-8.3
sssd-2.3.0-9.el8.x86_64