Description of problem: The cacert.pem bundled in python-s3transfer's botocore libs is expired. Customer reported. Confirmed below. [root@fastvm-rhel-7-6-21 requests]# pwd /usr/lib/fence-agents/bundled/botocore/vendored/requests [root@fastvm-rhel-7-6-21 requests]# openssl verify -CAfile cacert.pem cacert.pem cacert.pem: C = US, O = GTE Corporation, OU = "GTE CyberTrust Solutions, Inc.", CN = GTE CyberTrust Global Root error 10 at 0 depth lookup:certificate has expired OK This package gets pulled in by python-boto3 (for fence-agents-aws) on RHEL 7. ----- Version-Release number of selected component (if applicable): python-s3transfer-0.1.13-1.el7 ----- How reproducible: Always ----- Steps to Reproduce: 1. cd /usr/lib/fence-agents/bundled/botocore/vendored/requests 2. openssl verify -CAfile cacert.pem cacert.pem ----- Actual results: cacert.pem: C = US, O = GTE Corporation, OU = "GTE CyberTrust Solutions, Inc.", CN = GTE CyberTrust Global Root error 10 at 0 depth lookup:certificate has expired OK ----- Expected results: Not expired
The cert is getting updated in bz#2050751, and seems to solve this issue. # cd /usr/lib/fence-agents/bundled/botocore/ # openssl verify -CAfile cacert.pem cacert.pem cacert.pem: OK