Bug 714916 - /etc/pki/tls/certs/ca-bundle.crt is out of date
Summary: /etc/pki/tls/certs/ca-bundle.crt is out of date
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: openssl
Version: 5.6
Hardware: Unspecified
OS: Unspecified
unspecified
urgent
Target Milestone: rc
: ---
Assignee: Tomas Mraz
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-06-21 10:21 UTC by manuel wolfshant
Modified: 2012-03-05 15:08 UTC (History)
1 user (show)

Fixed In Version: openssl-0.9.8e-21.el5
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-03-05 15:08:40 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
CentOS 4899 0 None None None Never

Description manuel wolfshant 2011-06-21 10:21:39 UTC 
Description of problem:
/etc/pki/tls/certs/ca-bundle.crt is out of date 

Version-Release number of selected component (if applicable):
openssl-0.9.8e-12.el5_5.7


How reproducible:
always

Steps to Reproduce:
1.wget -S https://github.com/evanphx/rubinius.git/info/refs 

  
Actual results:
--2011-06-21 13:14:44--  https://github.com/evanphx/rubinius.git/info/refs
Resolving github.com... 207.97.227.239
Connecting to github.com|207.97.227.239|:443... connected.
ERROR: cannot verify github.com’s certificate, issued by github.com:
  Unable to locally verify the issuer’s authority.
To connect to github.com insecurely, use ‘--no-check-certificate’.
Unable to establish SSL connection.


Expected results:
--2011-06-21 13:21:10--  https://github.com/evanphx/rubinius.git/info/refs
Resolving github.com... 207.97.227.239
Connecting to github.com|207.97.227.239|:443... connected.
HTTP request sent, awaiting response...
  HTTP/1.1 403 Forbidden
  Server: nginx/0.7.67
  Date: Tue, 21 Jun 2011 10:21:11 GMT
  Content-Type: text/plain
  Connection: keep-alive
  Expires: Fri, 01 Jan 1980 00:00:00 GMT, Fri, 01 Jan 1980 00:00:00 GMT
  Pragma: no-cache, no-cache
  Cache-Control: no-cache, max-age=0, must-revalidate, no-cache, max-age=0, must-revalidate
  Content-Length: 0
2011-06-21 13:21:11 ERROR 403: Forbidden.


Additional info:
Comment 1 Tomas Mraz 2011-06-21 10:33:35 UTC 
It is a configuration file, feel free to modify it according to your requirements.
Comment 2 Jonathan Peatfield 2011-09-07 22:32:44 UTC 
I'm glad to note that it is sufficiently out of date that it seems not to have the DigiNotar certificates in it.  Or maybe I'm missing them but the string DigiNotar is not in there...

 - Jon
Comment 3 Tomas Mraz 2011-09-08 06:26:33 UTC 
Yes, DigiNotar certificates are not in the ca-bundle.crt file that we ship on RHEL-5.
Note You need to log in before you can comment on or make changes to this bug.