Bug #38027: Katello-certs-check no longer works on RHEL8 - Installer - Foreman

Actions

Copy link

Bug #38027

closed

Katello-certs-check no longer works on RHEL8

Added by Anders Pilegaard 4 days ago. Updated 2 days ago.

Status:

Closed

Priority:

High

Assignee:

Category:

foreman-installer script

Target version:

Foreman - 3.11.5

Difficulty:

Triaged:

Yes

Bugzilla link:

Pull request:

Fixed in Releases:

Foreman - 3.11.5, Foreman - 3.12.1

Found in Releases:

Foreman - 3.11.4, Foreman - 3.12.1

Red Hat JIRA:

Description

In issue https://projects.theforeman.org/issues/37828 a fix was made to add the options "-no-CApath -no-CAstore" to a call of "openssl verify". While this is fine on RHEL9 which has openssl 3.0.1 and above, it is not so good on RHEL8 which ends with openssl 1.1.1k. And openssl 1.1.1k does not recognize those options which makes katello-certs-check always fail.

Our current local workaround is to manually edit the script /sbin/katello-certs-check to remove those two options.

This will not be an issue going forward when RHEL8 is removed as supported platform, but right now it affects both of the "transition" versions that enable an upgrade path from RHEL8 to RHEL9, which is why I've marked the priority as "high".

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Foreman » Installer

Custom queries

Bug #38027

Katello-certs-check no longer works on RHEL8

Updated by Anders Pilegaard 4 days ago

Updated by Ewoud Kohl van Wijngaarden 2 days ago