Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 1367484

Summary: Backport upstream "alternate trust paths" fix to glib-networking in RHEL 7
Product: Red Hat Enterprise Linux 7 Reporter: Kai Engert (:kaie) (inactive account) <kengert>
Component: glib-networkingAssignee: Dan Winship <danw>
Status: CLOSED ERRATA QA Contact: Desktop QE <desktop-qa-list>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.4CC: aloughla, jkoten, kengert, mcepl, nmavrogi, sukulkar, tpelka
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: glib-networking-2.50.0-1.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-01 12:28:09 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1335930, 1367434    

Description Kai Engert (:kaie) (inactive account) 2016-08-16 14:14:57 UTC
We'd like to fix bug 1367434 in RHEL 7.4 to avoid having to trust legacy CAs that have already been removed by the upstream Mozilla CA list maintainers.

In order to avoid regressions in applications that use glib-networking, a code enhancement is required, which has been implemented by upstream already.

Dan offered to help with the development work, which will require either a rebase to glib-networking 2.48, or to backport the relevant changes.

See also:
https://bugzilla.gnome.org/show_bug.cgi?id=750457
https://bugzilla.gnome.org/show_bug.cgi?id=753260
and bug 1284655 and bug 1246492

Comment 14 errata-xmlrpc 2017-08-01 12:28:09 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2100