nss/nss-turn-off-expired-ocsp-cert.patch
DistroBaker 7ee7f9bbbe Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/nss.git#4d0b92b33350fc4f84936b3fe001ddec026b5d3a
2021-01-22 05:44:38 +00:00

20 lines
678 B
Diff

diff --git a/tests/chains/scenarios/nameconstraints.cfg b/tests/chains/scenarios/nameconstraints.cfg
--- a/tests/chains/scenarios/nameconstraints.cfg
+++ b/tests/chains/scenarios/nameconstraints.cfg
@@ -159,12 +159,12 @@ verify NameConstraints.dcissblocked:x
verify NameConstraints.dcissallowed:x
result pass
# Subject: "O = IPA.LOCAL 201901211552, CN = OCSP Subsystem"
#
# This tests that a non server certificate (i.e. id-kp-serverAuth
# not present in EKU) does *NOT* have CN treated as dnsName for
# purposes of Name Constraints validation
-verify NameConstraints.ocsp1:x
- usage 10
- result pass
+#verify NameConstraints.ocsp1:x
+# usage 10
+# result pass