Revert "Fixes #37828: Ignore system CA trust when verifying certifica…

…tes" This reverts commit 914c3cb because OpenSSL on EL8 doesn't support the `-no-CApath` option.
theforeman · Nov 19, 2024 · 27e5ded · 27e5ded
1 parent fcbce90
commit 27e5ded
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/bin/katello-certs-check b/bin/katello-certs-check
@@ -157,7 +157,7 @@ function check-priv-key () {
 function check-ca-bundle () {
     printf "Checking CA bundle against the certificate file: "
     ERROR_PATTERN="error [0-9]+ at"
-    CHECK=$(openssl verify -no-CApath -no-CAstore -CAfile $CA_BUNDLE_FILE -purpose sslserver -verbose $CERT_FILE 2>&1)
+    CHECK=$(openssl verify -CAfile $CA_BUNDLE_FILE -purpose sslserver -verbose $CERT_FILE 2>&1)
     CHECK_STATUS=$?
 
     if [[ $CHECK_STATUS != "0" || $CHECK =~ $ERROR_PATTERN ]]; then