el7 have md5 disable and if you have your ssl certificates with
'default_md=md5' parameter, you must recreate your pki with this
parameter to
sha1 or better sha256 in your ssl.cnf
(
http://fedoraproject.org/wiki/Koji/ServerHowTo).
to be sure that's the problem:
OPENSSL_ENABLE_MD5_VERIFY=1 koji regen-repo el5-decisiv
if this command run successfully, you know what to do ...
Hi Didier,
Yep, I knew this. I remembered the e-mail on the list. Also, I didn't move/use any of
my current Koji configuration files from my running instance. I made a new Koji instance
from scratch. I made sure to use the SHA256 crypto. It's also the crypto specified the
example ssl.cnf on the Fedora documentation link you sent.
Also, koji commands work. It's just the polling watching function doesn't unless I
rescue the OpenSSL.SSL.SysCallError: (-1, 'Unexpected EOF'). From what I can find
out, this is a NO-OP situation that isn't currently handled in Koji's code. The
koji client *is* authenticating via SSL but then the polling (watching the task/request)
doesn't work.
I see the same "Unexpected EOF" (unless I rescue it) in /var/log/kojid.log:
2015-01-29 03:12:50,257 [INFO] koji: Try #1 for call 362 (listBuildroots) failed: (-1,
'Unexpected EOF')
I will double check the SSL certs but I am confident that I would get a different error
message.
Thanks,
/allen
________________________________
Disclaimer Confidentiality Notice: This e-mail, and any attachments and/or documents
linked to this email, are intended for the addressee and may contain information that is
privileged, confidential, proprietary, or otherwise protected by law. Any dissemination,
distribution, or copying is prohibited. This notice serves as a confidentiality marking
for the purpose of any confidentiality or nondisclosure agreement. If you have received
this communication in error, please contact the original sender.