https://bugzilla.redhat.com/show_bug.cgi?id=2087911
--- Doc Text *updated* by Todd Cullum <tcullum(a)redhat.com> ---
There is a flaw in OpenSSL's Online Certificate Status Protocol (OCSP) response functionality, in the signer certificate verification routines. This flaw could result in a linked application falsely believing that an X.509 Digital Certificate is either "good" or "unknown" when it has actually been revoked. This flaw requires that the application use a non-default configuration, and exploitation of this flaw could result in impact to data integrity and/or confidentiality.
--
You are receiving this mail because:
You are on the CC list for the bug.
--- Comment #3 from Todd Cullum <tcullum(a)redhat.com> ---
I dropped the severity to Moderate because the OCSP_NOCHECKS is not default,
not expected to be commonly used, and also there is still an indication of
failure at the CLI for the ocsp application.
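An added example, not part of the bug report or of OpenSSL's code: a check for the exposure condition named in the Doc Text and in Comment #3. It flags C source that passes `OCSP_NOCHECKS` and scripts that run `openssl ocsp` with `-no_cert_checks`, the command-line option that sets that flag. The file names and contents in `SAMPLES` are constructed.

```python
import re

# Blank out C strings, char literals and comments: a mention there is not a use.
_C_NOISE = re.compile(
    r'"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])+\'|/\*.*?\*/|//[^\n]*', re.S)
_API_FLAG = re.compile(r"\bOCSP_NOCHECKS\b")
# `openssl ocsp ... -no_cert_checks` sets the same flag from the command line.
_CLI_OPT = re.compile(r"\bopenssl\s+ocsp\b.*?\s-no_cert_checks\b")

def _blank(match):
    # Preserve length and newlines so line numbers still match the file.
    return re.sub(r"[^\n]", " ", match.group(0))

def audit(name, text):
    """Return (file, line, kind) tuples for uses of the non-default setting."""
    found = []
    if name.endswith((".c", ".h", ".cc", ".cpp")):
        code = _C_NOISE.sub(_blank, text)
        for m in _API_FLAG.finditer(code):
            found.append((name, code.count("\n", 0, m.start()) + 1, "api-flag"))
        return found
    start, logical = 1, ""
    for lineno, line in enumerate(text.splitlines(), 1):
        if not logical:
            start = lineno
        if line.rstrip().endswith("\\"):       # shell line continuation
            logical += line.rstrip()[:-1] + " "
            continue
        logical += line
        if not logical.lstrip().startswith("#") and _CLI_OPT.search(logical):
            found.append((name, start, "cli-option"))
        logical = ""
    return found

# Constructed sample inputs (hypothetical files, not from any real project).
SAMPLES = {
    "verify.c": "/* OCSP_NOCHECKS was considered and rejected */\n"
                "int ok = OCSP_basic_verify(bs, certs, store, 0);\n"
                "int lax = OCSP_basic_verify(bs, certs, store,\n"
                "                            OCSP_TRUSTOTHER | OCSP_NOCHECKS);\n",
    "check.sh": "# openssl ocsp -no_cert_checks  (old invocation)\n"
                "openssl ocsp -issuer ca.pem -cert leaf.pem \\\n"
                "  -url http://ocsp.example.test -no_cert_checks\n"
                "openssl ocsp -issuer ca.pem -cert leaf.pem\n",
}

def audit_all(files=SAMPLES):
    return [hit for name in sorted(files) for hit in audit(name, files[name])]
```

Any hit marks a caller that runs in the non-default configuration the report describes and should be prioritised when applying the fixed OpenSSL packages.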