up2date for testing (with apt/yum/dir repo support)

Adrian Likins alikins at redhat.com
Thu Aug 14 02:44:22 UTC 2003


On Wed, Aug 13, 2003 at 07:27:18PM -0700, Barry K. Nathan wrote:
> [root at i5000e root]# up2date -ui
> SSL.Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate
> verify failed')]
> 
> I'm using a Current server, but I do think I've stubled upon another
> client bug here.
> 
> [root at i5000e root]# fgrep -B1 RHNS-CA-CERT /etc/sysconfig/rhn/up2date
> sslCACert[comment]=The CA cert used to verify the ssl server
> sslCACert=/usr/share/rhn/RHNS-CA-CERT.rula
>
rpcServer.py:
 # Where do we keep the CA certificate for RHNS?
 # The servers we're talking to need to have their certs
 # signed by one of these CA.
-ca = cfg["sslCACerts"]
+ca = cfg["sslCACert"]

that fixes it. It was looking for the wrong config name
(changed this code recently to support multiple ca certs,
and missed this name). For our cert it fails back to
a hardcoded value.

Nice find.
 

> Another weird quirk: If I delete RHNS-CA-CERT, up2date-config just dies
> silently:
>
same bug.
 
Should be fixed in 3.9.7 at some point.

Adrian





More information about the devel mailing list