Bug 1076045

Summary: [rfe] ssl support
Product: [Fedora] Fedora Reporter: Igor Gnatenko <ignatenko>
Component: dnfAssignee: Ales Kozumplik <akozumpl>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: akozumpl, ignatenko, jzeleny, pnemade, rholy
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: dnf-plugins-core-0.0.8-2.fc20 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-05-31 23:57:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1093014    
Bug Blocks: 871892    

Description Igor Gnatenko 2014-03-13 12:33:05 UTC 
Hi,

Steps to reproduce:
1. add new .repo file
[tycho]
name=tycho
baseurl=https://tycho.gnutelephony.org:2201/archive/fedora/x86_64
enabled=1
gpgcheck=0
sslverify=false
2. dnf makecache -v

Actual results:
Problem with repo 'tycho': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried, disabling.

Expected results:
all works fine

Additional info:
I've taken a look for dnf code, but looks like this code is unimplemented.

dnf/yum/config.py:    sslcacert = Option()
dnf/yum/config.py:    sslverify = BoolOption(True)
dnf/yum/config.py:    sslclientcert = Option()
dnf/yum/config.py:    sslclientkey = Option()
dnf/yum/config.py:    sslcacert = Inherit(YumConf.sslcacert)
dnf/yum/config.py:    sslverify = Inherit(YumConf.sslverify) # :api
dnf/yum/config.py:    sslclientcert = Inherit(YumConf.sslclientcert)
dnf/yum/config.py:    sslclientkey = Inherit(YumConf.sslclientkey)


but nothing more in code.
Comment 1 Ales Kozumplik 2014-03-14 08:59:36 UTC 
Hi, yes, this looks like something to look at.
Comment 2 Ales Kozumplik 2014-04-30 08:04:11 UTC 
Igor, my browser times out when accessing https://tycho.gnutelephony.org:2201/archive/fedora/x86_64

Is it possible there is more than the supposed DNF problem here?
Comment 3 Ales Kozumplik 2014-04-30 08:28:33 UTC 
Indeed, I can get md and .rpms from https://ftp.fau.de/fedora/linux/development/rawhide/x86_64/os/ without problems. Will try with a https that uses non-trusted cert too.
Comment 4 Igor Gnatenko 2014-05-02 13:04:57 UTC 
(In reply to Ales Kozumplik from comment #3)
> Indeed, I can get md and .rpms from
> https://ftp.fau.de/fedora/linux/development/rawhide/x86_64/os/ without
> problems. Will try with a https that uses non-trusted cert too.

yeah. I meant self-signed cert.
Comment 5 Ales Kozumplik 2014-05-06 18:47:59 UTC 
Fixed upstream by ede1e5d. You'll need to explicitly set sslverify=false for repositories that are not hosted on a verifiable server.
Comment 6 Igor Gnatenko 2014-05-06 18:53:19 UTC 
(In reply to Ales Kozumplik from comment #5)
> Fixed upstream by ede1e5d. You'll need to explicitly set sslverify=false for
> repositories that are not hosted on a verifiable server.

Cool! Thank you!
Comment 7 Fedora Update System 2014-05-28 12:08:47 UTC 
dnf-plugins-core-0.0.8-2.fc20, libsolv-0.6.1-1.git6d968f1.fc20, hawkey-0.4.16-1.fc20, dnf-0.5.2-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/libsolv-0.6.1-1.git6d968f1.fc20,hawkey-0.4.16-1.fc20,dnf-0.5.2-1.fc20,dnf-plugins-core-0.0.8-2.fc20
Comment 8 Fedora Update System 2014-05-28 23:48:39 UTC 
Package dnf-plugins-core-0.0.8-2.fc20, libsolv-0.6.1-1.git6d968f1.fc20, hawkey-0.4.16-1.fc20, dnf-0.5.2-1.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing dnf-plugins-core-0.0.8-2.fc20 libsolv-0.6.1-1.git6d968f1.fc20 hawkey-0.4.16-1.fc20 dnf-0.5.2-1.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-6789/libsolv-0.6.1-1.git6d968f1.fc20,hawkey-0.4.16-1.fc20,dnf-0.5.2-1.fc20,dnf-plugins-core-0.0.8-2.fc20
then log in and leave karma (feedback).
Comment 9 Fedora Update System 2014-05-31 23:57:13 UTC 
dnf-plugins-core-0.0.8-2.fc20, libsolv-0.6.1-1.git6d968f1.fc20, hawkey-0.4.16-1.fc20, dnf-0.5.2-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.