nss/nss-turn-off-expired-ocsp-cert.patch
Bob Relyea 245982b2c4 Thu Jan 21 2021 Bob Relyea <rrelyea@redhat.com> - 3.60.1-1
Update to NSS 3.60.1
 Drop NODEPEND_FREEBL and LOWHASH
 bug 1919033
2021-01-22 00:10:22 +00:00

20 lines
678 B
Diff

diff --git a/tests/chains/scenarios/nameconstraints.cfg b/tests/chains/scenarios/nameconstraints.cfg
--- a/tests/chains/scenarios/nameconstraints.cfg
+++ b/tests/chains/scenarios/nameconstraints.cfg
@@ -159,12 +159,12 @@ verify NameConstraints.dcissblocked:x
verify NameConstraints.dcissallowed:x
result pass
# Subject: "O = IPA.LOCAL 201901211552, CN = OCSP Subsystem"
#
# This tests that a non server certificate (i.e. id-kp-serverAuth
# not present in EKU) does *NOT* have CN treated as dnsName for
# purposes of Name Constraints validation
-verify NameConstraints.ocsp1:x
- usage 10
- result pass
+#verify NameConstraints.ocsp1:x
+# usage 10
+# result pass