[rhelv6-list] Fun with new RHEL
Chris Adams
cmadams at hiwaay.net
Thu Nov 11 22:01:38 UTC 2010
Once upon a time, Bill Nottingham <notting at redhat.com> said:
> Chris Adams (cmadams at hiwaay.net) said:
> > Another odd thing: I have for years used a local Squid proxy for updates
> > (speeds up updating a bunch of similar systems and allows me to manage
> > the bandwidth consumed in one place). To cache the RPMs, I've set
> > "useNoSSLForPackages=1" in /etc/sysconfig/rhn/up2date. Now when I do
> > that, I get:
> >
> > # yum update
> > Loaded plugins: rhnplugin
> > rhel-x86_64-server-6 | 1.8 kB 00:00
> > Error: failed to retrieve repodata/6faecb305efb123bd886342dd108b407fc2b14ace71b46e66a675209e97da51a-primary.xml.gz from rhel-x86_64-server-6
> > error was [Errno 14] Peer cert cannot be verified or peer cert invalid
>
> Please file an issue for this. Although it looks like it's something where
> it's attempting to validate the peer HTTPS cert, but ends up using the
> proxy's IP, so the hostname doesn't match, and it fails. That might be hard
> to fix as long as the proxy is there.
I filed BZ 652424. It actually doesn't even require a proxy to break;
just adding useNoSSLForPackages=1 is enough to cause this.
BTW: somebody at RH might want to check the BZ config; it appears to
have picked up the old RHL versions (6.0-6.3) when you choose RHEL 6 to
open a new bug.
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
More information about the rhelv6-list
mailing list