2017-12-11 14:59 UTC

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0012825CentOS-7nsspublic2017-02-15 15:19
ReporterPquq12 
PrioritynormalSeveritymajorReproducibilityalways
StatusnewResolutionopen 
Product Version7.3.1611 
Target VersionFixed in Version 
Summary0012825: NSS does not support the RSASSA-PSS certificate signing algorithm
DescriptionThe RSASSA-PSS certificate signing algorithm is not implemented in NSS which cause verification of certificates signed with that algorithm to fail.

In my specific case that mean that smartcard login through pam_pkcs11 using a card containing certificates signed using RSASSA-PSS will fail.
Additional InformationFor pam_pkcs11 users, the problem can be worked around by rebuilding the pam_pkcs11 package with support for OpenSSL instead of NSS.

1. Download the src-rpm
2. Install it using rpm -ivh filename.rpm
3. Edit ~/rpmbuild/SPECS/pam_pkcs11.spec; remove --with-nss from the %build section.
4. Rebuild: rpmbuild --ba ~/rpmbuild/SPECS/pam_pkcs11.spec
5. Install the new RPM from ~/rpmbuild/RPMS/x86_64/...
TagsNo tags attached.
abrt_hash
URL
Attached Files

-Relationships
+Relationships

-Notes
There are no notes attached to this issue.
+Notes

-Issue History
Date Modified Username Field Change
2017-02-15 15:19 Pquq12 New Issue
+Issue History