Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 79041 - up2date SSL certificate fails when date is incorrect
Summary: up2date SSL certificate fails when date is incorrect
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: up2date
Version: 8.0
Hardware: athlon
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Adrian Likins
QA Contact: Red Hat Satellite QA List
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2002-12-04 23:09 UTC by Adam Wiggins
Modified: 2007-04-18 16:48 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2003-02-14 13:09:17 UTC


Attachments (Terms of Use)

Description Adam Wiggins 2002-12-04 23:09:38 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021127

Description of problem:
If the date on your machine is set incorrectly (mine was set about 11 months
early - January 1, 2002 when the actual date was Dec 4, 2002) then up2date will
fail with the cryptic error message:

There was an SSL error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',
'certificate verify failed')]

Aparently the SSL certificate needs to be in a certain time window or it won't
work.  This should at the very least give the user a better idea of what the
problem is and suggest a correction (brining the system clock up to date) and
perhaps the exact time window that the certificate will allow.

I also reproduced this on 7.3, though the error message was simply "SSL_error".

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Execute command: date -s "jan 1 2002"
2. Run up2date


Actual Results:  There was an SSL error: [('SSL routines',
'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]

Expected Results:  A descriptive error message or perhaps even an offer to sync
the clock to a remote system.

Additional info:

Comment 1 Adrian Likins 2002-12-11 20:48:58 UTC
Added an error message that a common cause is time being out of
sync. Unfortunately, the error message returned from the ssl library
is very vague, so I can't really pin it down to always being a time
issue. 

Hopefully, for the next release, we can get better error codes from
the ssl layer, so we can present more granual error messages. 

In the meantime, the new message should help.

Comment 2 Adrian Likins 2002-12-11 20:49:41 UTC
should be fixed in 3.0.32 or higher

Comment 3 Jay Turner 2003-02-14 13:09:17 UTC
Fix confirmed with up2date-3.1.15-7.


Note You need to log in before you can comment on or make changes to this bug.