Bug 698080

Summary: ca-bundle.trust.crt (TC TrustCenter Class 2 CA) is not valid since 2011-01-01
Product: [Fedora] Fedora Reporter: Eddie Lania <eddie>
Component: ca-certificatesAssignee: Robert Scheck <redhat-bugzilla>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 14CC: jorton, redhat-bugzilla, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-07-28 03:17:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Eddie Lania 2011-04-20 06:30:39 UTC 
Description of problem: Since upgrading from Fedora 13 to 14, I receive every day the following message:

/etc/cron.daily/x509watch:

/etc/pki/tls/certs/ca-bundle.trust.crt (TC TrustCenter Class 2 CA) is not valid since 2011-01-01
/etc/pki/tls/certs/ca-bundle.trust.crt (TC TrustCenter Class 3 CA) is not valid since 2011-01-01



Version-Release number of selected component (if applicable):
openssl-1.0.0d-1.fc14.i686
x509watch-0.3.0-1.fc14.noarch


How reproducible: Every time x509watch is run


Steps to Reproduce:
1. Upgrade a FC13 system to FC14
2. Make sure x509watch is installed
3. Observe daily x509watch reports
  
Actual results: Message: ca-bundle.trust.crt is not valid.


Expected results: No such message


Additional info:
Comment 1 Eddie Lania 2011-05-07 20:54:48 UTC 
Please provide a new ca-bundle.trust.crt.
Comment 2 Eddie Lania 2011-06-01 07:25:59 UTC 
Fedora 14 ca-certificates is version 2010.63-3.fc14.

I see in Fedora 15 repo version 2011.70-2.fc15 is current.

Do I need to upgrade to Fedora 15 just to get a newer ca-bundle.trust.crt?
Comment 3 Robert Scheck 2011-06-04 01:26:28 UTC 
Even while ca-bundle.trust.crt might be outdated, the reported issue is a
bug in x509watch, because the system CA bundles need to be ignored.

Further, newer versions like ca-certificates-2011.74-1.fc16 even trigger a
year 2038 issue within perl and cause some exotic CAs valid till > 2037 to
be reported by accident on 32 bit systems running perl < 5.12.
Comment 4 Fedora Update System 2011-06-26 17:01:06 UTC 
x509watch-0.5.0-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/x509watch-0.5.0-1.fc15
Comment 5 Fedora Update System 2011-06-26 17:01:36 UTC 
x509watch-0.5.0-1.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/x509watch-0.5.0-1.fc14
Comment 6 Fedora Update System 2011-06-26 17:01:56 UTC 
x509watch-0.5.0-1.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/x509watch-0.5.0-1.el6
Comment 7 Fedora Update System 2011-06-26 17:02:19 UTC 
x509watch-0.5.0-1.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/x509watch-0.5.0-1.el5
Comment 8 Fedora Update System 2011-06-26 17:02:41 UTC 
x509watch-0.5.0-1.el4 has been submitted as an update for Fedora EPEL 4.
https://admin.fedoraproject.org/updates/x509watch-0.5.0-1.el4
Comment 9 Fedora Update System 2011-07-06 21:26:08 UTC 
x509watch-0.5.0-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2011-07-06 21:37:06 UTC 
x509watch-0.5.0-1.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2011-07-12 14:57:27 UTC 
x509watch-0.5.0-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2011-07-12 14:59:15 UTC 
x509watch-0.5.0-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2011-07-12 15:01:24 UTC 
x509watch-0.5.0-1.el4 has been pushed to the Fedora EPEL 4 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 14 Eddie Lania 2011-07-20 13:59:12 UTC 
It is fixed, thank you.

You can close the bug.

Regards,

Eddie.