On 04/08/2013 10:48 AM, Jan Cholasta wrote:
> On 8.4.2013 10:47, Jan Cholasta wrote:
>> Hi,
>>
>> this patch fixes <https://fedorahosted.org/freeipa/ticket/3552>.
>>
>> Honza
>>
> 
> Re-sending with correct subject.
> 

I tested the change both for upgrades and for fresh installs and it worked fine
both cases, even when testing with Firefox enforcing mode.

So far, as the biggest issue in current process I see NSS not being able to
fallback to other defined OCSP responder (I tested with Firefox 20). This way,
Firefox will fail validating the FreeIPA site when the first tested OCSP
responder is not available (e.g. the original IPA CA signing the http cert, or
an `ipa-ca.$domain` host that is currently not up).

Martin

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to