Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-94574

curl --hostpubmd5 option does not work

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Normal Normal
    • rhel-8.10.z
    • rhel-8.10
    • curl
    • None
    • curl-7.61.1-34.el8_10.6
    • Yes
    • Low
    • 1
    • rhel-plumbers
    • ssg_core_services
    • 2
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • Plumbers Sprint 2
    • Unspecified
    • Unspecified
    • Unspecified
    • x86_64
    • None

      What were you trying to do that didn't work?

      Customer is attempting to use the --hostpubmd5 option to ensure that the remote machine has the expected key.

      What is the impact of this issue to you?

      Customer has internal processes that worked on RHEL 7 but stopped working after upgrading to RHEL 8.

      Please provide the package NVR for which the bug is seen:

      curl-7.61.1-34.el8_10.3.x86_64

      How reproducible is this bug?:

      Always

      Steps to reproduce

       

      [bashuser@rhel-8-2 ~]$ cat .ssh/known_hosts
rhel-8-1.example.com,192.168.122.81 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDVXRf1B2u57FbAqRwvGPTwD/9yGoUV4xOq9+eaRhb/5ZD7WjmTbP099Ovoq2oCv1DDuzmD3ZpAElNrN+N902AI=
[bashuser@rhel-8-2 ~]$ ssh-keyscan -H rhel-8-1.example.com | ssh-keygen -E md5 -lf - | sed 's/MD5/MD5 /;s/://g'
# rhel-8-1.example.com:22 SSH-2.0-OpenSSH_8.0
# rhel-8-1.example.com:22 SSH-2.0-OpenSSH_8.0
# rhel-8-1.example.com:22 SSH-2.0-OpenSSH_8.0
3072 MD5 d9f7eb636c9210ae01d29525196a0c86 |1|bIDUcvOwEqoH2gZBOlwNxacBp50=|hhpf63pkae8vsmd8mNgnFW9rUKU= (RSA)
256 MD5 9f46c1c90f0d79c30dadd3f8a4130834 |1|L9AGp2Xof1YB6Yrglw2jGGHdxAM=|hBqiVqVmrcWBmSk+/IS2TtlarYg= (ECDSA)
256 MD5 c48b8cb2999e83b27f52d7707d3b1210 |1|lZn20+jDO5czd0G0/Z2yg6twdeU=|u8ap5rfqb55/bK7C2aGU2D91c+w= (ED25519)
[bashuser@rhel-8-2 ~]$ curl -u bashuser:bashuser --hostpubmd5 9f46c1c90f0d79c30dadd3f8a4130834 sftp://rhel-8-1.example.com/etc/redhat-release
curl: (51) SSL peer certificate or SSH remote key was not OK

       

      Expected results

      curl should download the remote file.

      Actual results

      curl fails with message "curl: (51) SSL peer certificate or SSH remote key was not OK"

      .h3 Additional information

      We are missing this fix: https://github.com/sthagen/curl-curl/pull/122

       

        1. RHEL-94574.patch
          13 kB

              jmigacz@redhat.com Jacek Migacz
              rhn-support-casantos Carlos Santos
              Jacek Migacz Jacek Migacz
              Daniel Rusek Daniel Rusek
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: