-
Notifications
You must be signed in to change notification settings - Fork 130
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Verify system cert flags in the beginning of Selftest #3183
Comments
Comment from mharmsen (@mharmsen) at 2018-09-25 11:34:21 Metadata Update from @mharmsen:
|
Comment from dmoluguw (@SilleBille) at 2018-09-25 13:08:59 Metadata Update from @SilleBille:
|
Comment from dmoluguw (@SilleBille) at 2018-09-25 13:09:11 Metadata Update from @SilleBille:
|
Comment from dmoluguw (@SilleBille) at 2018-09-25 13:09:19 Metadata Update from @SilleBille:
|
Comment from dmoluguw (@SilleBille) at 2018-09-25 16:14:15 Metadata Update from @SilleBille:
|
Comment from dmoluguw (@SilleBille) at 2018-09-25 16:14:21 Metadata Update from @SilleBille:
|
Comment from dmoluguw (@SilleBille) at 2018-09-25 16:14:27 Metadata Update from @SilleBille:
|
Comment from dmoluguw (@SilleBille) at 2018-09-25 16:14:43 Metadata Update from @SilleBille:
|
This issue is addressed (not fixed) by trust flags healthcheck. IOW, when you run the I'll let you guys decide if we want to close this issue OR if we want to keep this issue and include a test in the self-check, that runs during the start of the server. |
This issue was migrated from Pagure Issue #3065. Originally filed by dmoluguw (@SilleBille) on 2018-09-24 17:17:49:
When selftests are executed, if the nssdb doesn't have certs with correct flags, the debug logs will be misleading.
Solution:
Verify flags of the certs in the beginning of the SelfTest process before verifying the certificate validity.
To reproduce:
debug-2018-09-xx.log
ca_audit_signing should have trust flags of "u,u,Pu"
The text was updated successfully, but these errors were encountered: