Bug 1782353

Summary: gnutls certificate validity default changed from deny to warn
Product: Red Hat Enterprise Linux 8
Reporter: Dalibor Pospíšil <dapospis>
Component: rsyslog
Assignee: Jiří Vymazal <jvymazal>
Status: CLOSED ERRATA
QA Contact: Dalibor Pospíšil <dapospis>
Severity: high
Docs Contact:
Priority: high
Version: 8.4
CC: dapospis, jvymazal
Target Milestone: rc
Keywords: Regression, Triaged
Target Release: 8.0
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: rsyslog-8.1911.0-3.el8
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2020-04-28 16:01:06 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Dalibor Pospíšil 2019-12-11 14:28:31 UTC
Description of problem:
The default behaviour for gnutls was to reject peers with expired certificates. Now in the new rsyslog version it is accepted and a warning is logged.

This is not a good state for enterprise customers; we should fix it.

Version-Release number of selected component (if applicable):
rsyslog-8.1911.0-2.el8

How reproducible:
100%

Actual results:
communication is accepted

Expected results:
communication is rejected

Comment 2 Jiří Vymazal 2019-12-11 14:59:05 UTC
opened PR upstream

Comment 8 errata-xmlrpc 2020-04-28 16:01:06 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1702