NSS is going to disallow all SSL renegotiation by default. Because of this we need to always use the agent port of the dogtag server which always requires SSL client authentication. The end user port will prompt for a certificate if required but will attempt to re-do the handshake to make this happen which will fail with newer versions of NSS.

This fixed version of NSS is currently in Fedora updates-testing but this patch should work with either release.


Attachment: freeipa-356-dogtag.patch
Description: application/mbox

Freeipa-devel mailing list

Reply via email to