On 04/08/2013 08:42 AM, Martin Kosek wrote: > On 04/08/2013 10:48 AM, Jan Cholasta wrote: >> On 8.4.2013 10:47, Jan Cholasta wrote: >>> Hi, >>> >>> this patch fixes <https://fedorahosted.org/freeipa/ticket/3552>. >>> >>> Honza >>> >> Re-sending with correct subject. >> > I tested the change both for upgrades and for fresh installs and it worked > fine > both cases, even when testing with Firefox enforcing mode. > > So far, as the biggest issue in current process I see NSS not being able to > fallback to other defined OCSP responder (I tested with Firefox 20). This way, > Firefox will fail validating the FreeIPA site when the first tested OCSP > responder is not available (e.g. the original IPA CA signing the http cert, or > an `ipa-ca.$domain` host that is currently not up).
Have we filed a ticket with FF? > > Martin > > _______________________________________________ > Freeipa-devel mailing list > Freeipa-devel@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
