Bug 79041 - up2date SSL certificate fails when date is incorrect
up2date SSL certificate fails when date is incorrect
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: up2date (Show other bugs)
8.0
athlon Linux
medium Severity medium
: ---
: ---
Assigned To: Adrian Likins
Red Hat Satellite QA List
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-12-04 18:09 EST by Adam Wiggins
Modified: 2007-04-18 12:48 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-02-14 08:09:17 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Adam Wiggins 2002-12-04 18:09:38 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021127

Description of problem:
If the date on your machine is set incorrectly (mine was set about 11 months
early - January 1, 2002 when the actual date was Dec 4, 2002) then up2date will
fail with the cryptic error message:

There was an SSL error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',
'certificate verify failed')]

Aparently the SSL certificate needs to be in a certain time window or it won't
work.  This should at the very least give the user a better idea of what the
problem is and suggest a correction (brining the system clock up to date) and
perhaps the exact time window that the certificate will allow.

I also reproduced this on 7.3, though the error message was simply "SSL_error".

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Execute command: date -s "jan 1 2002"
2. Run up2date


Actual Results:  There was an SSL error: [('SSL routines',
'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]

Expected Results:  A descriptive error message or perhaps even an offer to sync
the clock to a remote system.

Additional info:
Comment 1 Adrian Likins 2002-12-11 15:48:58 EST
Added an error message that a common cause is time being out of
sync. Unfortunately, the error message returned from the ssl library
is very vague, so I can't really pin it down to always being a time
issue. 

Hopefully, for the next release, we can get better error codes from
the ssl layer, so we can present more granual error messages. 

In the meantime, the new message should help.
Comment 2 Adrian Likins 2002-12-11 15:49:41 EST
should be fixed in 3.0.32 or higher
Comment 3 Jay Turner 2003-02-14 08:09:17 EST
Fix confirmed with up2date-3.1.15-7.

Note You need to log in before you can comment on or make changes to this bug.