Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

SWIFT: POC Conversion

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Won't Do
Priority: Normal
Fix Version/s: rhel-10.0.z
Affects Version/s: rhel-10.0
Component/s: ca-certificates
Labels:
- Committed

Regression:
No
Severity:
Low
Epic Link:
CRYPTO-15389
sprint_count:
1

AssignedTeam:
rhel-security-crypto
Sub-System Group:

ssg_security

Story Points:
0
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
Crypto25August

Acceptance Criteria:

Hide

/etc/pki/ca-trust/extracted/openssl is no longer shipped [/CoreOS/ca-certificates/Sanity/filelist already expects it not to]

Show
/etc/pki/ca-trust/extracted/openssl is no longer shipped [/CoreOS/ca-certificates/Sanity/filelist already expects it not to]
Preliminary Testing:
Pass
Test Coverage:
None

Experience:

PX Impact Score:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

We used to ship /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt before ~~RHEL-50293~~,
now openssl consumes the CA roots in an exploded directory format.

But I'm afraid we have a leftover /etc/pki/ca-trust/extracted/openssl/README which became out of date.
We should consider removing /etc/pki/ca-trust/extracted/openssl altogether.

Assignee:: František Krenželok

Reporter:: Alexander Sosedkin

Developer:: František Krenželok

QA Contact:: Alexander Sosedkin

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2024/11/18 2:48 PM

Updated:: 2025/08/20 11:58 AM

Resolved:: 2025/08/20 11:58 AM

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates