[Pulp-list] Pulp 2.3: Synching RHN via Proxy stopped working

Arnold Bechtoldt mail at arnoldbechtoldt.com
Thu Dec 12 15:01:26 UTC 2013 

BTW:

Did you already have contacted Bluecoat concerning this problem?


Feel free to reply directly to my mail address instead of the public
mailing list if you need to.


Arnold

-- 
Arnold Bechtoldt
Magdeburger Str. 29
76139 Karlsruhe
Germany

Am 12.12.13 15:35, schrieb Florian Sachs:
> Hi,
> 
> The problem was related to our Bluecoat Proxy, which didn't handle
> TLS1.2 correctly. Squid and tinyproxy work without any problems.
> 
> I was able to change the behaviour of urllib3, which is used by pulp, to
> use TLSv1 (and not 1.2), which is easier for me than trying to get the
> Bluecoat fixed.
> 
> best regards,
> florian
> 
> Her is the diff:
> 
> --- /usr/lib/python2.6/site-packages/requests/packages/urllib3/util.py
> 2013-09-24 20:09:11.000000000 +0200
> +++ /tmp/util.py        2013-12-12 14:58:45.539748660 +0100
> @@ -26,7 +26,7 @@
>      HAS_SNI = False
> 
>      import ssl
> -    from ssl import wrap_socket, CERT_NONE, PROTOCOL_SSLv23
> +    from ssl import wrap_socket, CERT_NONE, PROTOCOL_SSLv23,
> PROTOCOL_TLSv1
>      from ssl import SSLContext  # Modern SSL?
>      from ssl import HAS_SNI  # Has SNI?
>  except ImportError:
> @@ -528,7 +528,7 @@
>      like resolve_cert_reqs
>      """
>      if candidate is None:
> -        return PROTOCOL_SSLv23
> +        return PROTOCOL_TLSv1
> 
>      if isinstance(candidate, str):
>          res = getattr(ssl, candidate, None)
> 
> Am 09.12.2013 16:48, schrieb Michael Hrivnak:
>> Hi, Florian. We thoroughly tested the proxy functionality with 2.3 and
>> re-confirmed this morning that it works doing a sync from our CDN
>> through a squid proxy. I added a couple of questions to the bug report
>> that may help identify what's going on in your setup.
>>
>> Thanks for being in touch.
>>
>> Michael
>>
>> ----- Original Message -----
>> From: "Florian Sachs" <florian.sachs at bmlvs.gv.at>
>> To: pulp-list at redhat.com
>> Sent: Monday, December 9, 2013 3:30:02 AM
>> Subject: [Pulp-list] Pulp 2.3: Synching RHN via Proxy stopped working
>>
>> Hi,
>>
>> With 2.3 Synching from HRN via our company proxy stopped working.
>>
>> Has anyone been successfull synching RHN with pulp 2.3 via a Proxy?
>>
>> florian
>>
>> FYI: I already filed a bug:
>> https://bugzilla.redhat.com/show_bug.cgi?id=1039471
>>
>>
>> _______________________________________________
>> Pulp-list mailing list
>> Pulp-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/pulp-list
> 
> _______________________________________________
> Pulp-list mailing list
> Pulp-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list

More information about the Pulp-list mailing list