nss/nss-turn-off-expired-ocsp-cert.patch
2021-01-22 16:45:23 +00:00

20 lines
678 B
Diff

diff --git a/tests/chains/scenarios/nameconstraints.cfg b/tests/chains/scenarios/nameconstraints.cfg
--- a/tests/chains/scenarios/nameconstraints.cfg
+++ b/tests/chains/scenarios/nameconstraints.cfg
@@ -159,12 +159,12 @@ verify NameConstraints.dcissblocked:x
verify NameConstraints.dcissallowed:x
result pass
# Subject: "O = IPA.LOCAL 201901211552, CN = OCSP Subsystem"
#
# This tests that a non server certificate (i.e. id-kp-serverAuth
# not present in EKU) does *NOT* have CN treated as dnsName for
# purposes of Name Constraints validation
-verify NameConstraints.ocsp1:x
- usage 10
- result pass
+#verify NameConstraints.ocsp1:x
+# usage 10
+# result pass