Bug 987762

Summary: ipa-client rpm should require openssl version that support the certificate from the ipa server
Product: Red Hat Enterprise Linux 5 Reporter: Eduardo Minguez <eminguez>
Component: ipa-clientAssignee: Rob Crittenden <rcritten>
Status: CLOSED WONTFIX QA Contact: Namita Soman <nsoman>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 5.9CC: mkosek
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-11-08 08:17:20 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Eduardo Minguez 2013-07-24 06:28:33 UTC
Description of problem:
RHEL5.2 with ipa-client packages from RHEL5.9. The "ipa-client-install" procedure fails trying to download the certificate from an ipa server like this:

# wget -O /tmp/ca.crt https://vmlbcipal01.idm.lvtc.gsnet.corp/ipa/config/ca.crt
--12:16:15--  https://vmlbcipal01.idm.lvtc.gsnet.corp/ipa/config/ca.crt
Resolving vmlbcipal01.idm.lvtc.gsnet.corp... 180.133.135.31
Connecting to vmlbcipal01.idm.lvtc.gsnet.corp|180.133.135.31|:443... connected.
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.


Version-Release number of selected component (if applicable):
ipa-client-2.1.3-5.el5_9.2

How reproducible:
Run ipa-client-install in RHEL5.2 with ipa-client (and dependencies) from RHEL5.9

Steps to Reproduce:
1. Fresh RHEL5.2
2. ipa-client packages from RHEL5.9
3. Run ipa-client-install

Actual results:
Fails getting the certificate

Expected results:
Get the certificate and continue the enrollment process

Additional info:
Updating openssl to openssl-0.9.8e-26.el5_9.1 solves this (I don't know if a less updated version works too)

Comment 2 Martin Kosek 2013-11-08 08:17:20 UTC
This Bugzilla has been reviewed by Red Hat and is not planned on being
addressed in Red Hat Enterprise Linux 5, and therefore will be closed.

If this bug is critical to production systems, please contact your Red Hat
support representative and provide sufficient business justification.