Bug 1260678
Summary: | Certificate verification fails with multiple https urls [el6/nss] | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Hubert Kario <hkario> | |
Component: | nss | Assignee: | Daiki Ueno <dueno> | |
Status: | CLOSED ERRATA | QA Contact: | Hubert Kario <hkario> | |
Severity: | high | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 6.7 | CC: | alexander.naumann, aurelien, ben.r.xiao, bugzilla, desintegr, dueno, emaldona, fedora, FlorianFranzen, kdudka, kengert, ksrot, michal.bruncko, mtolson, nkinder, qe-baseos-security, redhatbugs, red-hat-bugzilla, redhat-bugzilla, redhat, rhbug, robert.scheck, wvoyek | |
Target Milestone: | rc | Keywords: | Patch | |
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | nss-3.27.1-2.el6 | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | ||
Clone Of: | 1241172 | |||
: | 1269660 (view as bug list) | Environment: | ||
Last Closed: | 2017-03-21 10:25:14 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | 1241172 | |||
Bug Blocks: | 1269194, 1269660, 1343211 |
Description
Hubert Kario
2015-09-07 12:46:50 UTC
There is a workaround for curl suggested by Mozilla upstream: https://github.com/bagder/curl/commit/958d2ffb Kamil, I can verify that it is fixed in Fedora 22 version of curl, do you plan to implement the same workaround in RHEL? Yes, assuming the fix gets approved. See bug #1269660 and bug #1269855. Cross-filed case 01637758 on the Red Hat customer portal to get this moved on. The issue was fixed on the curl side and released in the 6.8.0 release, see bug 1269660. In the solution provided by the new curl package not sufficient? Taking https://github.com/owncloud/core/issues/16255#issuecomment-112481294 and "curl -v -I https://owncloud.org/ https://www.owncloud.org/" as the test cases: RHEL 6.7: Does not work (returns 200/400) RHEL 6.8: Works (returns 200/301) Thus you are right, curl-7.19.7-52.el6 as shipped with RHEL 6.8 solves this issue. I didn't verify RHEL 6.8 after I noticed that RHEL 7 is still affected. So, let's close this one? As Kamil said in the RHEL-7 version of the bug, we don't yet have a reason to not fix it in NSS itself. So I don't think it is necessary to close this bug just yet. Oh, yes, sorry. I got confused about NSS vs. curl. So yes, while the curl issue is solved, the NSS one (this RHBZ) isn't yet. Makes sense to get this fixed as well :) Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2017-0671.html |