Red Hat Bugzilla – Bug 79041
up2date SSL certificate fails when date is incorrect
Last modified: 2007-04-18 12:48:51 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021127
Description of problem:
If the date on your machine is set incorrectly (mine was set about 11 months
early - January 1, 2002 when the actual date was Dec 4, 2002) then up2date will
fail with the cryptic error message:
There was an SSL error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',
'certificate verify failed')]
Aparently the SSL certificate needs to be in a certain time window or it won't
work. This should at the very least give the user a better idea of what the
problem is and suggest a correction (brining the system clock up to date) and
perhaps the exact time window that the certificate will allow.
I also reproduced this on 7.3, though the error message was simply "SSL_error".
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Execute command: date -s "jan 1 2002"
2. Run up2date
Actual Results: There was an SSL error: [('SSL routines',
'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]
Expected Results: A descriptive error message or perhaps even an offer to sync
the clock to a remote system.
Added an error message that a common cause is time being out of
sync. Unfortunately, the error message returned from the ssl library
is very vague, so I can't really pin it down to always being a time
Hopefully, for the next release, we can get better error codes from
the ssl layer, so we can present more granual error messages.
In the meantime, the new message should help.
should be fixed in 3.0.32 or higher
Fix confirmed with up2date-3.1.15-7.