>
> el7 have md5 disable and if you have your ssl certificates with
> 'default_md=md5' parameter, you must recreate your pki with this
> parameter to
> sha1 or better sha256 in your ssl.cnf
> (
http://fedoraproject.org/wiki/Koji/ServerHowTo).
>
> to be sure that's the problem:
> OPENSSL_ENABLE_MD5_VERIFY=1 koji regen-repo el5-decisiv
>
> if this command run successfully, you know what to do ...
Hi Didier,
Yep, I knew this. I remembered the e-mail on the list. Also, I didn't move/use any of
my current Koji configuration files from my running instance. I made a new Koji instance
from scratch. I made sure to use the SHA256 crypto. It's also the crypto specified the
example ssl.cnf on the Fedora documentation link you sent.
Also, koji commands work. It's just the polling watching function doesn't unless
I rescue the OpenSSL.SSL.SysCallError: (-1, 'Unexpected EOF'). From what I can
find out, this is a NO-OP situation that isn't currently handled in Koji's code.
The koji client *is* authenticating via SSL but then the polling (watching the
task/request) doesn't work.
I see the same "Unexpected EOF" (unless I rescue it) in /var/log/kojid.log:
2015-01-29 03:12:50,257 [INFO] koji: Try #1 for call 362 (listBuildroots) failed: (-1,
'Unexpected EOF')
I will double check the SSL certs but I am confident that I would get a different error
message.
yeap koji server now needs to be build in a sha256 certs and I'm getting
same problem on Fedora 21 with all updates-testing available for this
area
your patch mention in first message of this thread works great and I
could bootstrap one koji server ( with self signed certificates )
it also looks like this bug
Thanks,
--
Sérgio M. B.