Bug 990366
Summary: | rhnpush should have option to specify server's CA cert | ||
---|---|---|---|
Product: | Red Hat Satellite 5 | Reporter: | Jan Hutař <jhutar> |
Component: | Client | Assignee: | Jan Dobes <jdobes> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Martin Korbel <mkorbel> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | unspecified | CC: | cperry, jdobes, mkorbel |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | rhnpush-5.5.65-2 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-10-01 21:56:27 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 924232 |
Description
Jan Hutař
2013-07-31 04:48:42 UTC
fixed in spacewalk master: ce4aedce10bfb16bc4dacf32bf9441ad55f286c5 new parameter '--ca-chain' VERIFIED on rhnpush-5.5.65-5.el6sat REPRODUCED on rhnpush-5.5.65-1.el6sat rhnpush-5.5.42-7.el6sat ignores unknow CA. Steps to reproduce: 1. create custom channel > python >>> import xmlrpclib >>> client = xmlrpclib.Server('http://<fqdn>/rpc/api', verbose=0) >>> key = client.auth.login('admin','xxx') >>> client.channel.software.create(key,"my-channel","my-channel","my-channel","channel-x86_64","",{}) 2. prepare and push package > export SERVER="<fqdn>" > wget http://dl.fedoraproject.org/pub/epel/6/x86_64/BitchX-1.2.1-1.el6.x86_64.rpm -O /tmp/BitchX-1.2.1-1.el6.x86_64.rpm > rhnpush --username=admin --password=xxx --channel=my-channel --server=https://$SERVER/APP -v --nosig --force /tmp/BitchX-1.2.1-1.el6.x86_64.rpm rhnpush-5.5.65-5.el6sat: ERROR: unhandled exception occurred: ([('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]). rhnpush-5.5.65-1.el6sat: ERROR: unhandled exception occurred: (Certificate file /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT is not accessible). rhnpush-5.5.42-7.el6sat: Uploading package /tmp/BitchX-1.2.1-1.el6.x86_64.rpm Using POST request 3. again with CA > wget http://$SERVER/pub/RHN-ORG-TRUSTED-SSL-CERT -O /tmp/RHN-ORG-TRUSTED-SSL-CERT.$SERVER > rhnpush --username=admin --password=xxx --channel=my-channel --server=https://$SERVER/APP --ca-chain=/tmp/RHN-ORG-TRUSTED-SSL-CERT.$SERVER -v --nosig --force /tmp/BitchX-1.2.1-1.el6.x86_64.rpm rhnpush-5.5.65-5.el6sat: Package BitchX-1.2.1-1.el6.x86_64.rpm Not Found on RHN Server -- Uploading Uploading package BitchX-1.2.1-1.el6.x86_64.rpm Using POST request rhnpush-5.5.65-1.el6sat and rhnpush-5.5.42-7.el6sat: Usage: rhnpush [OPTION] [<package>] rhnpush: error: no such option: --ca-chain Satellite 5.6 has been released. This bug was tracked under the release. This bug was either VERIFIED or RELEASE_PENDING (re-verified prior shortly before release). Moving to CLOSED CURRENT_RELEASE. Text from Upgrade Erratum follows: Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2013-1395.html |