[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: up2date for testing (with apt/yum/dir repo support)

From: Adrian Likins <alikins redhat com>
To: rhl-devel-list redhat com
Subject: Re: up2date for testing (with apt/yum/dir repo support)
Date: Wed, 13 Aug 2003 22:44:22 -0400

On Wed, Aug 13, 2003 at 07:27:18PM -0700, Barry K. Nathan wrote:
> [root i5000e root]# up2date -ui
> SSL.Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate
> verify failed')]
> 
> I'm using a Current server, but I do think I've stubled upon another
> client bug here.
> 
> [root i5000e root]# fgrep -B1 RHNS-CA-CERT /etc/sysconfig/rhn/up2date
> sslCACert[comment]=The CA cert used to verify the ssl server
> sslCACert=/usr/share/rhn/RHNS-CA-CERT.rula
>
rpcServer.py:
 # Where do we keep the CA certificate for RHNS?
 # The servers we're talking to need to have their certs
 # signed by one of these CA.
-ca = cfg["sslCACerts"]
+ca = cfg["sslCACert"]

that fixes it. It was looking for the wrong config name
(changed this code recently to support multiple ca certs,
and missed this name). For our cert it fails back to
a hardcoded value.

Nice find.
 

> Another weird quirk: If I delete RHNS-CA-CERT, up2date-config just dies
> silently:
>
same bug.
 
Should be fixed in 3.9.7 at some point.

Adrian

References:
- up2date for testing (with apt/yum/dir repo support)
  - From: Adrian Likins
- Re: up2date for testing (with apt/yum/dir repo support)
  - From: Sean Estabrooks
- Re: up2date for testing (with apt/yum/dir repo support)
  - From: Adrian Likins
- Re: up2date for testing (with apt/yum/dir repo support)
  - From: Sean Estabrooks
- Re: up2date for testing (with apt/yum/dir repo support)
  - From: Adrian Likins
- Re: up2date for testing (with apt/yum/dir repo support)
  - From: Barry K. Nathan

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]