<tt><font size=2>> From: mikeb@redhat.com</font></tt>
<br><tt><font size=2>> <br>
> On 10/22/13 7:52 AM, John.Florian@dart.biz wrote:<br>
> > > From: mikem@redhat.com<br>
> > ><br>
> > > On 10/16/2013 06:28 PM, Michael Cronenworth wrote:<br>
> > > > John.Florian@dart.biz wrote:<br>
> > > >> However, if I try the login link on the web
page, firefox comes up<br>
> > with a<br>
> > > >> message stating:<br>
> > > >><br>
> > > >> The page isn't redirecting properly<br>
> > > ><br>
> > > > I believe this is a bug in the latest Koji. After
Fedora 18 or 19 web<br>
> > > > login broke for me and I never investigated as
to why as I never<br>
> > use it.<br>
> > > > I use the CLI.<br>
> > ><br>
> > > The underlying bug is that koji's check for http vs
https was breaking<br>
> > > on newer versions of mod_wsgi. This was fixed on the
hub a while back,<br>
> > > but for some reason we missed it on the web ui.<br>
> > ><br>
> > > This commit should help:<br>
> > > </font></tt><a href=https://git.fedorahosted.org/cgit/koji/commit/?><tt><font size=2>https://git.fedorahosted.org/cgit/koji/commit/?</font></tt></a><tt><font size=2><br>
> > > id=cf01c000a83702ee74de67b2ead3bdef51591093<br>
> ><br>
> ><br>
> > Thanks Mike! That indeed seemed to get things going in
the right<br>
> > direction, but now my login link makes me think I have a certificate<br>
> > error of sorts, yet everything looks good to me. Clicking
the login<br>
> > link gets me:<br>
> ><br>
> > ==> /var/log/httpd/error_log <==<br>
> > [Tue Oct 22 09:48:02.669660 2013] [:error] [pid 623] 669 [ERROR]
m=login<br>
> > u=None p=623 r=10.1.0.158:34806 koji.web: Traceback (most recent
call<br>
> > last):<br>
> > [Tue Oct 22 09:48:02.669694 2013] [:error] [pid 623] File<br>
> > "/usr/share/koji-web/scripts/wsgi_publisher.py", line
368, in<br>
> > handle_request<br>
> > [Tue Oct 22 09:48:02.669702 2013] [:error] [pid 623]
result =<br>
> > func(environ, **data)<br>
> > [Tue Oct 22 09:48:02.669707 2013] [:error] [pid 623] File<br>
> > "/usr/share/koji-web/scripts/index.py", line 237, in
login<br>
> > [Tue Oct 22 09:48:02.669713 2013] [:error] [pid 623]
if not<br>
> > _sslLogin(environ, session, username):<br>
> > [Tue Oct 22 09:48:02.669717 2013] [:error] [pid 623] File<br>
> > "/usr/share/koji-web/scripts/index.py", line 125, in
_sslLogin<br>
> > [Tue Oct 22 09:48:02.669722 2013] [:error] [pid 623]<br>
> > proxyuser=username)<br>
> > [Tue Oct 22 09:48:02.669727 2013] [:error] [pid 623] File<br>
> > "/usr/lib/python2.7/site-packages/koji/__init__.py",
line 1726, in<br>
> > ssl_login<br>
> > [Tue Oct 22 09:48:02.669732 2013] [:error] [pid 623]
sinfo =<br>
> > self.callMethod('sslLogin', proxyuser)<br>
> > [Tue Oct 22 09:48:02.669746 2013] [:error] [pid 623] File<br>
> > "/usr/lib/python2.7/site-packages/koji/__init__.py",
line 1775, in<br>
> > callMethod<br>
> > [Tue Oct 22 09:48:02.669752 2013] [:error] [pid 623]
return<br>
> > self._callMethod(name, args, opts)<br>
> > [Tue Oct 22 09:48:02.669757 2013] [:error] [pid 623] File<br>
> > "/usr/lib/python2.7/site-packages/koji/__init__.py",
line 1914, in<br>
> > _callMethod<br>
> > [Tue Oct 22 09:48:02.669761 2013] [:error] [pid 623]
raise err<br>
> > [Tue Oct 22 09:48:02.669766 2013] [:error] [pid 623] AuthError:<br>
> > CN=mdct-koji.dartcontainer.com,OU=kojiweb,O=Dart Container<br>
> > Corp.,ST=Michigan,C=US is not authorized to login other users<br>
> ><br>
> > My setup is as follows:<br>
> ><br>
> > # grep ProxyDNs /etc/koji-hub/hub.conf<br>
> > ProxyDNs = /C=US/ST=Michigan/O=Dart Container<br>
> > Corp./OU=kojiweb/CN=mdct-koji.dartcontainer.com<br>
> <br>
> This looks like a change in the format mod_ssl uses for the <br>
> SSL_CLIENT_S_DN variable. If you change the ProxyDNs entry to
match the <br>
> DN printed in the backtrace, it should fix the problem.</font></tt>
<br>
<br><font size=2 face="sans-serif">Sure enough, that did the trick. I'll
make a note of this at </font><a href=https://fedoraproject.org/wiki/Koji/ServerHowTo><font size=2 face="sans-serif">https://fedoraproject.org/wiki/Koji/ServerHowTo</font></a><font size=2 face="sans-serif">.
Any idea of what version of mod_ssl brought about this change?</font>
<br><font size=2 face="sans-serif"><br>
--<br>
John Florian</font>
<br>