Bug #38027

closed

Katello-certs-check no longer works on RHEL8

Added by Anders Pilegaard 4 days ago. Updated 1 day ago.

Status: Closed
Priority: High
Assignee: -
Category: foreman-installer script
Target version:
Difficulty:
Triaged: Yes

Description

In issue https://projects.theforeman.org/issues/37828 a fix was made to add the options "-no-CApath -no-CAstore" to a call of "openssl verify". While this is fine on RHEL9, which has openssl 3.0.1 and above, it is not so good on RHEL8, which ends with openssl 1.1.1k. And openssl 1.1.1k does not recognize those options, which makes katello-certs-check always fail.

Our current local workaround is to manually edit the script /sbin/katello-certs-check to remove those two options.

This will not be an issue going forward when RHEL8 is removed as a supported platform, but right now it affects both of the "transition" versions that enable an upgrade path from RHEL8 to RHEL9, which is why I've marked the priority as "high".
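The failure reported above comes from hard-coding options that only some `openssl verify` builds accept; probing the installed binary's help text avoids that. The following is an added example, not part of the report and not code from foreman-installer or katello-certs-check: the function names, the `verify_with_bundle` invocation and the sample help excerpts are assumptions constructed for illustration.

```shell
#!/bin/sh
# The two isolation options named in the issue.
WANTED_FLAGS="-no-CApath -no-CAstore"

# supported_flags HELP_TEXT
# Print the subset of WANTED_FLAGS that HELP_TEXT lists as an option
# (first field of a help line), separated by single spaces.
supported_flags() {
    help_text=$1
    out=""
    for flag in $WANTED_FLAGS; do
        if printf '%s\n' "$help_text" |
            awk -v f="$flag" '$1 == f { found = 1 } END { exit !found }'; then
            out="${out:+$out }$flag"
        fi
    done
    printf '%s' "$out"
}

# verify_with_bundle CA_BUNDLE CERT  (hypothetical wrapper, not the project's)
# Verify CERT against CA_BUNDLE, passing only the flags this openssl accepts.
verify_with_bundle() {
    ca_bundle=$1
    cert=$2
    # Help may go to stdout or stderr depending on the build; capture both.
    flags=$(supported_flags "$(openssl verify -help 2>&1)")
    for flag in $WANTED_FLAGS; do
        case " $flags " in
            *" $flag "*) ;;
            *) echo "warning: $flag unsupported; default trust locations" \
                    "may still be consulted" >&2 ;;
        esac
    done
    # $flags is intentionally unquoted so each option is a separate argument.
    openssl verify $flags -CAfile "$ca_bundle" "$cert"
}

# Constructed help excerpts (not captured from a real openssl build).
SAMPLE_HELP_BOTH=' -CAfile infile   constructed description
 -no-CApath       constructed description
 -no-CAstore      constructed description'
SAMPLE_HELP_NONE=' -CAfile infile   constructed description
 -CApath dir      constructed description'

echo "both: [$(supported_flags "$SAMPLE_HELP_BOTH")]"
echo "none: [$(supported_flags "$SAMPLE_HELP_NONE")]"
```

The warning matters for a certificate check: when an isolation flag is dropped, a chain may validate against a default trust location rather than only the supplied bundle.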

Actions #1

Updated by Anders Pilegaard 4 days ago

Looks like I failed in my research - this issue has already been reported directly to the GitHub repo and there is a pull request there: https://github.com/theforeman/foreman-installer/pull/991

Sorry about the duplication ...

Actions #2

Updated by Ewoud Kohl van Wijngaarden 1 day ago

  • Status changed from New to Closed
  • Target version set to 3.11.5
  • Triaged changed from No to Yes
  • Fixed in Releases 3.11.5, 3.12.1 added

I appreciate the Redmine issue because our changelogs use that. This just saves me creating one.

The changes have been reverted in both 3.11 & 3.12.
