  1. RHEL
  2. RHEL-88782

NetworkManager incorrectly hard-codes the CA bundle path to /etc/pki/tls/cert.pem, which no longer exists on RHEL 10, causing trust store lookup failures


    • Bug
    • Resolution: Unresolved
    • Undefined
    • None
    • rhel-10.1
    • NetworkManager
    • None
    • No
    • None
    • rhel-sst-network-management
    • rhel-sst-network-management
    • ssg_networking
    • None
    • False
    • None
    • None
    • Definition of Done:

      Please mark each item below with ( / ) if completed or ( x ) if incomplete:

      ( ) The acceptance criteria defined below are met.

      None


      ( ) Code changes are included in a downstream build attached to an errata.


      ( ) All required testing (manual and/or automated) passes successfully.


      ( ) Related documentation updates (if applicable) have been completed.


      ( ) All necessary backports to the related RHEL streams (linked as 'relates' in this issue) have been completed and verified.

    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      The NetworkManager.spec file for RHEL/CentOS Stream 10 hard-codes the TLS CA bundle path to `/etc/pki/tls/cert.pem`, but this file no longer exists starting from RHEL/CentOS Stream 10 (as indicated in https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10-beta/html/10.0_beta_release_notes/removed-features and https://issues.redhat.com/browse/RHEL-50293).

      We should update the NetworkManager.spec file:

      On CentOS Stream 10 / RHEL 10 and newer, change the CA trust store path to `/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem`.
      On older releases (RHEL/CentOS 9 and below), keep using `/etc/pki/tls/cert.pem`.

      Reason: To align with the system-wide dropping of `/etc/pki/tls/cert.pem` and use the new hashed directory structure for trusted CAs.
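
The following check is an added example, not part of the issue or of NetworkManager's own code. It applies the per-release path rule described above and verifies that the selected bundle exists and holds at least one PEM certificate; the function names and the optional root-prefix argument (for inspecting an image or chroot) are assumptions.

```shell
#!/bin/sh
# Added example: function names and the root-prefix argument are hypothetical.

# CA bundle path the issue prescribes for a RHEL/CentOS Stream major version.
expected_ca_bundle() {
    if [ "$1" -ge 10 ]; then
        echo /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
    else
        echo /etc/pki/tls/cert.pem
    fi
}

# Major version from os-release under an optional root prefix.
os_major() {
    ( . "${1:-}/etc/os-release" && echo "${VERSION_ID%%.*}" )
}

# check_ca_bundle PATH [ROOT]
# 0 = usable, 1 = missing or unreadable (a dangling symlink counts),
# 2 = file present but contains no PEM certificate.
check_ca_bundle() {
    file=${2:-}$1
    [ -f "$file" ] && [ -r "$file" ] || return 1
    grep -q -- '-----BEGIN CERTIFICATE-----' "$file" || return 2
    return 0
}

# audit_ca_bundle [ROOT]: pick the path for the detected release and check it.
# Returns the check_ca_bundle status, or 3 if the release cannot be determined.
audit_ca_bundle() {
    major=$(os_major "${1:-}") || return 3
    path=$(expected_ca_bundle "$major")
    if check_ca_bundle "$path" "${1:-}"; then
        echo "ok: release $major uses $path"
    else
        rc=$?
        echo "FAIL($rc): release $major expects $path"
        return "$rc"
    fi
}

# Run as: sh script.sh --audit [ROOT]
if [ "${1:-}" = "--audit" ]; then
    audit_ca_bundle "${2:-}"
fi
```

Calling `check_ca_bundle /etc/pki/tls/cert.pem` directly on a RHEL 10 host reproduces the condition the issue reports: the hard-coded path is reported as missing while the audit of the release-appropriate path passes.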

              nm-team Network Management Team
              liangwen12year Wen Liang
              Network Management Team Network Management Team
              Vladimir Benes Vladimir Benes