Bug 79041 - up2date SSL certificate fails when date is incorrect
Summary: up2date SSL certificate fails when date is incorrect
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: up2date
Version: 8.0
Hardware: athlon
OS: Linux
Target Milestone: ---
Assignee: Adrian Likins
QA Contact: Red Hat Satellite QA List
Depends On:
TreeView+ depends on / blocked
Reported: 2002-12-04 23:09 UTC by Adam Wiggins
Modified: 2007-04-18 16:48 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2003-02-14 13:09:17 UTC

Attachments (Terms of Use)

Description Adam Wiggins 2002-12-04 23:09:38 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021127

Description of problem:
If the date on your machine is set incorrectly (mine was set about 11 months
early - January 1, 2002 when the actual date was Dec 4, 2002) then up2date will
fail with the cryptic error message:

There was an SSL error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',
'certificate verify failed')]

Aparently the SSL certificate needs to be in a certain time window or it won't
work.  This should at the very least give the user a better idea of what the
problem is and suggest a correction (brining the system clock up to date) and
perhaps the exact time window that the certificate will allow.

I also reproduced this on 7.3, though the error message was simply "SSL_error".

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Execute command: date -s "jan 1 2002"
2. Run up2date

Actual Results:  There was an SSL error: [('SSL routines',
'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]

Expected Results:  A descriptive error message or perhaps even an offer to sync
the clock to a remote system.

Additional info:

Comment 1 Adrian Likins 2002-12-11 20:48:58 UTC
Added an error message that a common cause is time being out of
sync. Unfortunately, the error message returned from the ssl library
is very vague, so I can't really pin it down to always being a time

Hopefully, for the next release, we can get better error codes from
the ssl layer, so we can present more granual error messages. 

In the meantime, the new message should help.

Comment 2 Adrian Likins 2002-12-11 20:49:41 UTC
should be fixed in 3.0.32 or higher

Comment 3 Jay Turner 2003-02-14 13:09:17 UTC
Fix confirmed with up2date-3.1.15-7.

Note You need to log in before you can comment on or make changes to this bug.