On 04/08/2013 10:48 AM, Jan Cholasta wrote: > On 8.4.2013 10:47, Jan Cholasta wrote: >> Hi, >> >> this patch fixes <https://fedorahosted.org/freeipa/ticket/3552>. >> >> Honza >> > > Re-sending with correct subject. >
I tested the change both for upgrades and for fresh installs and it worked fine both cases, even when testing with Firefox enforcing mode. So far, as the biggest issue in current process I see NSS not being able to fallback to other defined OCSP responder (I tested with Firefox 20). This way, Firefox will fail validating the FreeIPA site when the first tested OCSP responder is not available (e.g. the original IPA CA signing the http cert, or an `ipa-ca.$domain` host that is currently not up). Martin _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
