View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0012824||CentOS-6||nss||public||2017-02-15 15:08||2017-02-15 15:08|
|Target Version||Fixed in Version|
|Summary||0012824: NSS does not support the RSASSA-PSS certificate signing algorithm|
|Description||The RSASSA-PSS certificate signing algorithm is not implemented in NSS which cause verification of certificates signed with that algorithm to fail.|
In my specific case that mean that smartcard login through pam_pkcs11 using a card containing certificates signed using RSASSA-PSS will fail.
|Additional Information||For pam_pkcs11 users, the problem can be worked around by rebuilding the pam_pkcs11 package with support for OpenSSL instead of NSS.|
1. Download the src-rpm
2. Install it using rpm -ivh filename.rpm
3. Edit ~/rpmbuild/SPECS/pam_pkcs11.spec; remove --with-nss from the %build section.
4. Rebuild: rpmbuild --ba ~/rpmbuild/SPECS/pam_pkcs11.spec
5. Install the new RPM from ~/rpmbuild/RPMS/x86_64/...
|Tags||No tags attached.|