YUM revocation check

General support questions
Post Reply
rigormortis
Posts: 2
Joined: 2019/08/16 14:20:19

YUM revocation check

Post by rigormortis » 2019/08/16 14:23:20

Hello,

I have been searching quite a bit lately but I can't find a way to get yum to fetch a CRL or do OCSP. I have the CDP set in the remote server certificate and I have verified that the crl is reachable.
Any advice would help.
Thank you

chemal
Posts: 589
Joined: 2013/12/08 19:44:49

Re: YUM revocation check

Post by chemal » 2019/08/16 15:57:19

Yum/rpm uses curl to fetch rpms (iirc). Yum/rpm itself doesn't care if the transport is secure or whatever. Downloaded rpms are checked with an rpm gpg key.

User avatar
TrevorH
Forum Moderator
Posts: 26621
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: YUM revocation check

Post by TrevorH » 2019/08/16 19:25:36

As yum completely ignores the expiry of the keys used to sign packages, I don't think it cares about certificate revocation either.
CentOS 5 died in March 2017 - migrate NOW!
CentOS 6 goes EOL sooner rather than later, get upgrading!
Full time Geek, part time moderator. Use the FAQ Luke

rigormortis
Posts: 2
Joined: 2019/08/16 14:20:19

Re: YUM revocation check

Post by rigormortis » 2019/08/21 11:49:25

ok, thank you to both of you for the responses.

Post Reply

Return to “CentOS 7 - General Support”