YUM revocation check

General support questions
Post Reply
rigormortis
Posts: 2
Joined: 2019/08/16 14:20:19

YUM revocation check

Post by rigormortis » 2019/08/16 14:23:20

Hello,

I have been searching quite a bit lately but I can't find a way to get yum to fetch a CRL or do OCSP. I have the CDP set in the remote server certificate and I have verified that the crl is reachable.
Any advice would help.
Thank you

chemal
Posts: 776
Joined: 2013/12/08 19:44:49

Re: YUM revocation check

Post by chemal » 2019/08/16 15:57:19

Yum/rpm uses curl to fetch rpms (iirc). Yum/rpm itself doesn't care if the transport is secure or whatever. Downloaded rpms are checked with an rpm gpg key.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: YUM revocation check

Post by TrevorH » 2019/08/16 19:25:36

As yum completely ignores the expiry of the keys used to sign packages, I don't think it cares about certificate revocation either.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

rigormortis
Posts: 2
Joined: 2019/08/16 14:20:19

Re: YUM revocation check

Post by rigormortis » 2019/08/21 11:49:25

ok, thank you to both of you for the responses.

Post Reply