Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request addresses RHEL-5043 by improving OCSP timeout handling in p11_child. It introduces a default timeout for soft_ocsp requests to prevent indefinite blocking and adjusts the OCSP deadline calculation to use half of the total allocated timeout, providing a buffer for result processing. Additionally, a new suite of system tests has been added to verify smart card authentication behavior under various OCSP responder availability scenarios. I have no feedback to provide.
|
@krishnavema, @spoore1, what branches does this target? |
thalman
left a comment
thalman
left a comment
There was a problem hiding this comment.
The tests and change looks good, but the requirements should not point to private fork
| git+https://github.com/next-actions/pytest-tier | ||
| git+https://github.com/next-actions/pytest-output | ||
| git+https://github.com/SSSD/sssd-test-framework | ||
| #git+https://github.com/SSSD/sssd-test-framework |
There was a problem hiding this comment.
This must be reverted before merging
spoore1
left a comment
spoore1
left a comment
There was a problem hiding this comment.
Main thing I think is to move the tests into the existing test_smartcard.py file and use it's helper functions. Besides that, mostly questions for clarification.
| time.sleep(VIRT_CACARD_SETTLE_SECONDS) | ||
|
|
||
|
|
||
| def _assert_smartcard_auth_success(client: Client, username: str) -> None: |
There was a problem hiding this comment.
Didn't you write an authentication util for su for this in another PR? I think that should be used here.
There was a problem hiding this comment.
I guess there is no existing util , do you mean somewhere in specific ?
…mart card authentication (resolves: RHEL-5043)
krishnavema
force-pushed
the
pkcs11-soft-ocsp-tests
branch
from
8845bce to
49f5b90
Compare
4 participants
Add optional label parameter for pkcs11 support