Is FAS (Fedora Account System) broken?

Stephen Gallagher sgallagh at redhat.com
Fri Nov 11 21:06:55 UTC 2011 

On Fri, 2011-11-11 at 10:47 +0100, Adam Tkac wrote:
> Hello,
> 
> today I tried to upload new bind tarball via `fedpkg new-sources`
> command but it failed with
> "pycurl.error: (60, 'Peer certificate cannot be authenticated with given
> CA certificates')" error.
> 
> I though there is problem with my ~/.fedora* certificates but after
> inspection all fedora* commands (fedora-cert -v, fedora-cert -n,
> fedora-packager-setup) fails with the same error, example:
> 
> $ fedora-packager-setup
> Setting up Fedora packager environment
> You need a client certificate from the Fedora Account System, lets get
> one now
> FAS Username: atkac
> FAS Password:
> Traceback (most recent call last):
>   File "/usr/bin/fedora-packager-setup", line 148, in <module>
>     main()
>   File "/usr/bin/fedora-packager-setup", line 112, in main
>     fedora_cert.create_user_cert()
>   File "/usr/lib/python2.7/site-packages/fedora_cert/__init__.py", line
> 96, in create_user_cert
>     cert = fas.user_gencert()
>   File "/usr/lib/python2.7/site-packages/fedora/client/fas2.py", line
> 565, in user_gencert
>     request = self.send_request('user/dogencert', auth=True)
>   File "/usr/lib/python2.7/site-packages/fedora/client/baseclient.py",
> line 344, in send_request
>     auth_params=auth_params, retries=retries)
>   File "/usr/lib/python2.7/site-packages/fedora/client/proxyclient.py",
> line 380, in send_request
>     request.perform()
> pycurl.error: (60, 'Peer certificate cannot be authenticated with given
> CA certificates')
> 
> Is anyone experiencing same issue? I'm using up2date F16 system.
> 
> Regards, Adam


If you're running with updates-testing, you may be hitting the
certificate validation regression introduced by
https://admin.fedoraproject.org/updates/FEDORA-2011-15612

Try downgrading the 'nss' package and see if things start working again.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20111111/9875117d/attachment.bin

More information about the devel mailing list