Bug 714916

Summary: /etc/pki/tls/certs/ca-bundle.crt is out of date
Product: Red Hat Enterprise Linux 5 Reporter: manuel wolfshant <manuel.wolfshant>
Component: opensslAssignee: Tomas Mraz <tmraz>
Status: CLOSED CURRENTRELEASE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 5.6CC: j.s.peatfield
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openssl-0.9.8e-21.el5 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-03-05 15:08:40 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description manuel wolfshant 2011-06-21 10:21:39 UTC
Description of problem:
/etc/pki/tls/certs/ca-bundle.crt is out of date 

Version-Release number of selected component (if applicable):
openssl-0.9.8e-12.el5_5.7


How reproducible:
always

Steps to Reproduce:
1.wget -S https://github.com/evanphx/rubinius.git/info/refs 

  
Actual results:
--2011-06-21 13:14:44--  https://github.com/evanphx/rubinius.git/info/refs
Resolving github.com... 207.97.227.239
Connecting to github.com|207.97.227.239|:443... connected.
ERROR: cannot verify github.com’s certificate, issued by github.com:
  Unable to locally verify the issuer’s authority.
To connect to github.com insecurely, use ‘--no-check-certificate’.
Unable to establish SSL connection.


Expected results:
--2011-06-21 13:21:10--  https://github.com/evanphx/rubinius.git/info/refs
Resolving github.com... 207.97.227.239
Connecting to github.com|207.97.227.239|:443... connected.
HTTP request sent, awaiting response...
  HTTP/1.1 403 Forbidden
  Server: nginx/0.7.67
  Date: Tue, 21 Jun 2011 10:21:11 GMT
  Content-Type: text/plain
  Connection: keep-alive
  Expires: Fri, 01 Jan 1980 00:00:00 GMT, Fri, 01 Jan 1980 00:00:00 GMT
  Pragma: no-cache, no-cache
  Cache-Control: no-cache, max-age=0, must-revalidate, no-cache, max-age=0, must-revalidate
  Content-Length: 0
2011-06-21 13:21:11 ERROR 403: Forbidden.


Additional info:

Comment 1 Tomas Mraz 2011-06-21 10:33:35 UTC
It is a configuration file, feel free to modify it according to your requirements.

Comment 2 Jonathan Peatfield 2011-09-07 22:32:44 UTC
I'm glad to note that it is sufficiently out of date that it seems not to have the DigiNotar certificates in it.  Or maybe I'm missing them but the string DigiNotar is not in there...

 - Jon

Comment 3 Tomas Mraz 2011-09-08 06:26:33 UTC
Yes, DigiNotar certificates are not in the ca-bundle.crt file that we ship on RHEL-5.