View Issue Details

IDProjectCategoryView StatusLast Update
0012825CentOS-7nsspublic2017-02-15 15:19
Status newResolutionopen 
Product Version7.3.1611 
Target VersionFixed in Version 
Summary0012825: NSS does not support the RSASSA-PSS certificate signing algorithm
DescriptionThe RSASSA-PSS certificate signing algorithm is not implemented in NSS which cause verification of certificates signed with that algorithm to fail.

In my specific case that mean that smartcard login through pam_pkcs11 using a card containing certificates signed using RSASSA-PSS will fail.
Additional InformationFor pam_pkcs11 users, the problem can be worked around by rebuilding the pam_pkcs11 package with support for OpenSSL instead of NSS.

1. Download the src-rpm
2. Install it using rpm -ivh filename.rpm
3. Edit ~/rpmbuild/SPECS/pam_pkcs11.spec; remove --with-nss from the %build section.
4. Rebuild: rpmbuild --ba ~/rpmbuild/SPECS/pam_pkcs11.spec
5. Install the new RPM from ~/rpmbuild/RPMS/x86_64/...
TagsNo tags attached.


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2017-02-15 15:19 Pquq12 New Issue