Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-7650

Expired certificate in bundled botocore

XMLWordPrintable

    • None
    • Moderate
    • rhel-sst-high-availability
    • ssg_filesystems_storage_and_HA
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • If docs needed, set a value
    • None

      Description of problem:

      The cacert.pem bundled in python-s3transfer's botocore libs is expired. Customer reported. Confirmed below.

      [root@fastvm-rhel-7-6-21 requests]# pwd
      /usr/lib/fence-agents/bundled/botocore/vendored/requests
      [root@fastvm-rhel-7-6-21 requests]# openssl verify -CAfile cacert.pem cacert.pem
      cacert.pem: C = US, O = GTE Corporation, OU = "GTE CyberTrust Solutions, Inc.", CN = GTE CyberTrust Global Root
      error 10 at 0 depth lookup:certificate has expired
      OK

      This package gets pulled in by python-boto3 (for fence-agents-aws) on RHEL 7.

      Version-Release number of selected component (if applicable):

      python-s3transfer-0.1.13-1.el7

      How reproducible:

      Always

      Steps to Reproduce:
      1. cd /usr/lib/fence-agents/bundled/botocore/vendored/requests
      2. openssl verify -CAfile cacert.pem cacert.pem

      Actual results:

      cacert.pem: C = US, O = GTE Corporation, OU = "GTE CyberTrust Solutions, Inc.", CN = GTE CyberTrust Global Root
      error 10 at 0 depth lookup:certificate has expired
      OK

      Expected results:

      Not expired

              rhn-engineering-oalbrigt Oyvind Albrigtsen
              rhn-support-nwahl Reid Wahl
              Oyvind Albrigtsen Oyvind Albrigtsen
              Cluster QE Cluster QE
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: