koji rebuild refuses due to sslv3 certificate expire

Paul Howarth paul at city-fan.org
Tue May 15 11:19:39 UTC 2007


Mamoru Tasaka wrote:
> Hello.
> 
> I want to send a build queue of jd to koji, however
> it is refused with returning error messages below:
> 
> ---------------------------------------------------
> [tasaka1 at localhost devel]$ LANG=C make build
> <class 'OpenSSL.SSL.Error'>: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert certificate
> expired'), ('SSL routines', 'SSL3_WRITE_BYTES', 'ssl handshake failure')]
> make: *** [koji] Error 1
> ---------------------------------------------------
> 
> I even re-downloaded a new client certificate and
> now my ~/.fedora.cert says:
> ---------------------------------------------------
>         Issuer: C=US, ST=North Carolina, L=Raleigh, O=Fedora Project, OU=Upload Files,
> CN=cvs.fedora.redhat.com/emailAddress=webmaster at fedora.redhat.com
>         Validity
>             Not Before: May 15 05:36:04 2007 GMT
>             Not After : May 14 05:36:04 2008 GMT
>         Subject: C=US, ST=North Carolina, O=Fedora Project, OU=Mamoru Tasaka,
> CN=mtasaka/emailAddress=mtasaka at ioa.s.u-tokyo.ac.jp
> ---------------------------------------------------
> 
> What can I do for this failure?

I had this problem over the weekend too. Koji does not use 
~/.fedora.cert directly, it uses ~/.koji/client.crt, which is copied 
from ~/.fedora.cert when you run fedora-packager-setup.sh, if there is 
not already a ~/.koji/client.crt present. It won't overwrite an existing 
cert, even if it has expired. I just did:

$ rm -rf ~/.koji
$ fedora-packager-setup.sh

and all was well again.

Paul.




More information about the Fedora-maintainers mailing list