Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-7650

Expired certificate in bundled botocore

XMLWordPrintable

    • None
    • Moderate
    • sst_high_availability
    • ssg_filesystems_storage_and_HA
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • If docs needed, set a value
    • None

      Description of problem:

      The cacert.pem bundled in python-s3transfer's botocore libs is expired. Customer reported. Confirmed below.

      [root@fastvm-rhel-7-6-21 requests]# pwd
      /usr/lib/fence-agents/bundled/botocore/vendored/requests
      [root@fastvm-rhel-7-6-21 requests]# openssl verify -CAfile cacert.pem cacert.pem
      cacert.pem: C = US, O = GTE Corporation, OU = "GTE CyberTrust Solutions, Inc.", CN = GTE CyberTrust Global Root
      error 10 at 0 depth lookup:certificate has expired
      OK

      This package gets pulled in by python-boto3 (for fence-agents-aws) on RHEL 7.

      Version-Release number of selected component (if applicable):

      python-s3transfer-0.1.13-1.el7

      How reproducible:

      Always

      Steps to Reproduce:
      1. cd /usr/lib/fence-agents/bundled/botocore/vendored/requests
      2. openssl verify -CAfile cacert.pem cacert.pem

      Actual results:

      cacert.pem: C = US, O = GTE Corporation, OU = "GTE CyberTrust Solutions, Inc.", CN = GTE CyberTrust Global Root
      error 10 at 0 depth lookup:certificate has expired
      OK

      Expected results:

      Not expired

            rhn-engineering-oalbrigt Oyvind Albrigtsen
            rhn-support-nwahl Reid Wahl
            Oyvind Albrigtsen Oyvind Albrigtsen
            Cluster QE Cluster QE
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: