Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Problems with FIPS mode #2620

Closed
pki-bot opened this issue Oct 3, 2020 · 5 comments
Closed

Problems with FIPS mode #2620

pki-bot opened this issue Oct 3, 2020 · 5 comments
Labels
Closed: Fixed
Milestone
10.3.8

Comments

@pki-bot
Copy link

pki-bot commented Oct 3, 2020

This issue was migrated from Pagure Issue #2500. Originally filed by mharmsen (@mharmsen) on 2016-10-05 18:58:36:

NSS token is hard coded in SigningUnit.java class causing Dogtag install to fail
when system is in FIPS mode.

Steps to Reproduce:

1. Configure system for FIPS
2. Attempt to install Dogtag

Actual results:

Install fails

Expected results:

Install succeeds
@pki-bot pki-bot added this to the 10.3.8 milestone Oct 3, 2020
@pki-bot pki-bot closed this as completed Oct 3, 2020
@pki-bot
Copy link
Author

pki-bot commented Oct 3, 2020

Comment from mharmsen (@mharmsen) at 2016-10-05 19:01:40

Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1382081 (Red Hat Certificate System)

@pki-bot
Copy link
Author

pki-bot commented Oct 3, 2020

Comment from edewata (@edewata) at 2016-10-14 03:58:30

Fixed in master:

@pki-bot
Copy link
Author

pki-bot commented Oct 3, 2020

Comment from edewata (@edewata) at 2016-11-02 01:08:08

Additional changes in master:

@pki-bot
Copy link
Author

pki-bot commented Oct 3, 2020

Comment from mharmsen (@mharmsen) at 2016-11-04 01:25:26

Cherry-picked to DOGTAG_10_3_BRANCH:

commit 8bef45df5e3d287111df8e0a33519a065e3e7b70
Author: Endi S. Dewata <edewata@redhat.com>
Date:   Tue Nov 1 22:49:22 2016 +0100

    Fixed KRA key recovery via CLI in FIPS mode.
    
    Based on investigation and solution provided by cfu and jmagne,
    the SecurityDataRecoveryService.serviceRequest() has been modified
    to use EncryptionUnit.unwrap_temp() for key recovery via CLI in
    FIPS mode.
    
    https://fedorahosted.org/pki/ticket/2500
    (cherry picked from commit 650b00dc57bb0c51c1e327ec3064531c26f80c43)

commit ec165a0d6cd805d1b5d4fbd4fff44ff00bfcaee0
Author: Endi S. Dewata <edewata@redhat.com>
Date:   Sat Oct 29 07:52:36 2016 +0200

    Reformatted SecurityDataRecoveryService.serviceRequest().
    
    The code in SecurityDataRecoveryService.serviceRequest() has been
    reformatted for clarity.
    
    https://fedorahosted.org/pki/ticket/2500
    (cherry picked from commit 613d8e8281cc336d7e1c8291abedb4b2321f93ec)

@pki-bot
Copy link
Author

pki-bot commented Oct 3, 2020

Comment from mharmsen (@mharmsen) at 2017-02-27 14:08:30

Metadata Update from @mharmsen:

  • Issue assigned to edewata
  • Issue set to the milestone: 10.3.8

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Closed: Fixed
Projects
None yet
Milestone
10.3.8
Development

No branches or pull requests
1 participant
@pki-bot