Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

SWIFT: POC Conversion

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Normal
Fix Version/s: rhel-9.7
Affects Version/s: rhel-9.7
Component/s: openssl
Labels:

Fixed in Build:
openssl-3.5.1-1.el9
Regression:
No
Severity:
Moderate
Epic Link:
CRYPTO-15944
sprint_count:
1

AssignedTeam:
rhel-security-crypto

Dev Target Milestone:
19
Internal Target Milestone:
26
Story Points:
0.1
ACKs Check:

QE ack, Dev ack
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
No
Sprint:
Crypto25July

Acceptance Criteria:

Hide

AC1) When SSLKEYLOGFILE env variable is set, a file with the conversation secrets is created

AC2) The created file has permissions of code "600"

Show
AC1) When SSLKEYLOGFILE env variable is set, a file with the conversation secrets is created AC2) The created file has permissions of code "600"
Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/148294
Gating Tests:

Not Needed
Test Coverage:

Automated

Release Note Type:
Unspecified Release Note Type - Unknown
ProdDocsReview-CCS:
Unspecified
ProdDocsReview-Dev:
Unspecified
ProdDocsReview-QE:
Unspecified

Experience:

PX Impact Score:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

What were you trying to do that didn't work?

Running httpd/Regression/bz1704317-mod_ssl-SSLKEYLOGFILE-support

Test is checking permissions of /var/log/httpd/ssl_key_log. In previous rhel-9.6, permissions are 600. In rhel-9.7, file is also readable for group and others (644).

Please provide the package NVR for which the bug is seen:

httpd-2.4.62-4.el9

How reproducible is this bug?:

By running test httpd/Regression/bz1704317-mod_ssl-SSLKEYLOGFILE-support

Expected results

Test should pass, /var/log/httpd/ssl_key_log should have 600 permissions.

Actual results

~~rw-r~~r-. 1 root root 0 Jun 3 09:30 /var/log/httpd/ssl_key_log

:: [ 09:30:46 ] :: [ PASS ] :: Command 'ls -l /var/log/httpd/ssl_key_log | awk '{print }'' (Expected 0, got 0)

:: [ 09:30:46 ] :: [ FAIL ] :: File '/var/tmp/rlRun_LOG.sbugxMQV' should contain 'rw------.'

links to

RHBA-2025:148294 openssl bug fix and enhancement update

Assignee:: Dmitry Belyavskiy

Reporter:: Branislav Náter

Developer:: Dmitry Belyavskiy

QA Contact:: Georgios Stavros Pantelakis

Votes:: 0 Vote for this issue

Watchers:: 10 Start watching this issue

Created:: 2025/06/20 8:26 AM

Updated:: 2025/11/11 10:51 AM

Resolved:: 2025/11/11 10:51 AM

Dev Target end:: 2025/07/07

Target end:: 2025/08/25

Next Planned Release Date:: 2025/11/11

Release Date:: 2025/11/11

Details

Description

What were you trying to do that didn't work?

Please provide the package NVR for which the bug is seen:

How reproducible is this bug?:

Expected results

Actual results

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates