Red Hat Bugzilla – Bug 987762
ipa-client rpm should require openssl version that support the certificate from the ipa server
Last modified: 2013-11-08 03:17:20 EST
Description of problem:
RHEL5.2 with ipa-client packages from RHEL5.9. The "ipa-client-install" procedure fails trying to download the certificate from an ipa server like this:
# wget -O /tmp/ca.crt https://vmlbcipal01.idm.lvtc.gsnet.corp/ipa/config/ca.crt
Resolving vmlbcipal01.idm.lvtc.gsnet.corp... 22.214.171.124
Connecting to vmlbcipal01.idm.lvtc.gsnet.corp|126.96.36.199|:443... connected.
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.
Version-Release number of selected component (if applicable):
Run ipa-client-install in RHEL5.2 with ipa-client (and dependencies) from RHEL5.9
Steps to Reproduce:
1. Fresh RHEL5.2
2. ipa-client packages from RHEL5.9
3. Run ipa-client-install
Fails getting the certificate
Get the certificate and continue the enrollment process
Updating openssl to openssl-0.9.8e-26.el5_9.1 solves this (I don't know if a less updated version works too)
This Bugzilla has been reviewed by Red Hat and is not planned on being
addressed in Red Hat Enterprise Linux 5, and therefore will be closed.
If this bug is critical to production systems, please contact your Red Hat
support representative and provide sufficient business justification.