Bug 987762 - ipa-client rpm should require openssl version that support the certificate from the ipa server
ipa-client rpm should require openssl version that support the certificate fr...
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: ipa-client (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Rob Crittenden
Namita Soman
Depends On:
  Show dependency treegraph
Reported: 2013-07-24 02:28 EDT by Eduardo Minguez
Modified: 2013-11-08 03:17 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-11-08 03:17:20 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Eduardo Minguez 2013-07-24 02:28:33 EDT
Description of problem:
RHEL5.2 with ipa-client packages from RHEL5.9. The "ipa-client-install" procedure fails trying to download the certificate from an ipa server like this:

# wget -O /tmp/ca.crt https://vmlbcipal01.idm.lvtc.gsnet.corp/ipa/config/ca.crt
--12:16:15--  https://vmlbcipal01.idm.lvtc.gsnet.corp/ipa/config/ca.crt
Resolving vmlbcipal01.idm.lvtc.gsnet.corp...
Connecting to vmlbcipal01.idm.lvtc.gsnet.corp||:443... connected.
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.

Version-Release number of selected component (if applicable):

How reproducible:
Run ipa-client-install in RHEL5.2 with ipa-client (and dependencies) from RHEL5.9

Steps to Reproduce:
1. Fresh RHEL5.2
2. ipa-client packages from RHEL5.9
3. Run ipa-client-install

Actual results:
Fails getting the certificate

Expected results:
Get the certificate and continue the enrollment process

Additional info:
Updating openssl to openssl-0.9.8e-26.el5_9.1 solves this (I don't know if a less updated version works too)
Comment 2 Martin Kosek 2013-11-08 03:17:20 EST
This Bugzilla has been reviewed by Red Hat and is not planned on being
addressed in Red Hat Enterprise Linux 5, and therefore will be closed.

If this bug is critical to production systems, please contact your Red Hat
support representative and provide sufficient business justification.

Note You need to log in before you can comment on or make changes to this bug.