What were you trying to do that didn't work?
Running a Get request with ** CheckCertificateRevocationList flag enabled causes the following error on UBI9: The remote certificate is invalid because of errors in the certificate chain: RevocationStatusUnknown, OfflineRevocation.
We are currently encountering this error on both dotnet 7 and 8.
Please provide the package NVR for which bug is seen:
openssl-3.0.7-25.el9_3.x86_64
aspnetcore-runtime-7.0-7.0.15-1.el9_3.x86_64
aspnetcore-runtime-8.0-8.0.1-1.el9_3.x86_64
Steps to reproduce
- Create a .NET Console project using dotnet 7 or 8
- Use the attached code in Program.cs
- Add the attached Dockerfilein the project folder
- Build & run the docker container
Expected results
The demo app should run without any errors
Actual results
The demo fails with the following error:
Unhandled exception. System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: RevocationStatusUnknown, OfflineRevocation
Notes
- Replacing the UBI9 image with the official MS image (mcr.microsoft.com/dotnet/runtime:7.0) fixes the issue.
- Recompiling the same version of OpenSSL (without RH patches) also fixes the issue.
- relates to
-
RHEL-25254 Follow-up for RHEL-22734: CheckCertificateRevocationList flag for SHA1 CAs
-
- Closed
-
