From c5cae20f82d5c0fcc8bb4e21d040a85455970bca Mon Sep 17 00:00:00 2001
From: Ewoud Kohl van Wijngaarden
Date: Tue, 19 Nov 2024 13:00:26 +0100
Subject: [PATCH] Revert "Fixes #37828: Ignore system CA trust when verifying certificates"
This reverts commit a25324c1948ddc4766b1724a18bc4dd47b267c46 because OpenSSL on EL8 doesn't support the `-no-CApath` option.
---
 bin/katello-certs-check | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/katello-certs-check b/bin/katello-certs-check
index 681d35c6..82f56856 100755
--- a/bin/katello-certs-check
+++ b/bin/katello-certs-check
@@ -157,7 +157,7 @@ function check-priv-key () {
 function check-ca-bundle () {
 printf "Checking CA bundle against the certificate file: "
 ERROR_PATTERN="error [0-9]+ at"
- CHECK=$(openssl verify -no-CApath -no-CAstore -CAfile $CA_BUNDLE_FILE -purpose sslserver -verbose $CERT_FILE 2>&1)
+ CHECK=$(openssl verify -CAfile $CA_BUNDLE_FILE -purpose sslserver -verbose $CERT_FILE 2>&1)
 CHECK_STATUS=$?
 if [[ $CHECK_STATUS != "0" || $CHECK =~ $ERROR_PATTERN ]]; then
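Review bot: With `-no-CApath -no-CAstore` gone, the `openssl verify` call in check-ca-bundle presumably consults OpenSSL's default trust locations again in addition to `$CA_BUNDLE_FILE`, so a certificate that chains to a system-trusted CA missing from the bundle can pass this check (the behaviour the reverted commit's title says it was removing). If those flags cannot be used on EL8, one option to evaluate is pointing the lookup at an explicitly empty directory, e.g. `CHECK=$(openssl verify -CApath "$EMPTY_CA_DIR" -CAfile "$CA_BUNDLE_FILE" -purpose sslserver -verbose "$CERT_FILE" 2>&1)`, where `EMPTY_CA_DIR` is a placeholder for a directory created with `mktemp -d`; this needs confirming on each OpenSSL build you support. Failing that, add a comment above the call, such as `# NOTE: system CA trust is still consulted here; EL8 OpenSSL lacks the flags to disable it`, so the limitation is visible to the next maintainer. The new line also expands `$CA_BUNDLE_FILE` and `$CERT_FILE` unquoted, so a path containing whitespace is split into several arguments; quote both. The body of check-ca-bundle continues past the end of the hunk.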