Bug #38027
closedKatello-certs-check no longer works on EL8
Description
In issue https://projects.theforeman.org/issues/37828 a fix was made to add the options "-no-CApath -no-CAstore" to a call of "openssl verify". While this is fine on RHEL9 which has openssl 3.0.1 and above, it is not so good on RHEL8 which ends with openssl 1.1.1k. And openssl 1.1.1k does not recognize those options which makes katello-certs-check always fail.
Our current local workaround is to manually edit the script /sbin/katello-certs-check to remove those two options.
This will not be an issue going forward when RHEL8 is removed as supported platform, but right now it affects both of the "transition" versions that enable an upgrade path from RHEL8 to RHEL9, which is why I've marked the priority as "high".
Updated by Anders Pilegaard 19 days ago
Looks like I failed in my research - this issue has already been reported directly to the github repo and there is a pull request there: https://github.com/theforeman/foreman-installer/pull/991
Sorry about the duplication ...
Updated by Ewoud Kohl van Wijngaarden 17 days ago
- Status changed from New to Closed
- Target version set to 3.11.5
- Triaged changed from No to Yes
- Fixed in Releases 3.11.5, 3.12.1 added
I appreciate the Redmine issue because our changelogs use that. This just saves me creating one.
The changes have been reverted in both 3.11 & 3.12.
Updated by Ewoud Kohl van Wijngaarden 12 days ago
- Subject changed from Katello-certs-check no longer works on RHEL8 to Katello-certs-check no longer works on EL8