Bug 103358 - New repo backend design has unhandled exceptions
New repo backend design has unhandled exceptions
Status: CLOSED RAWHIDE
Product: Red Hat Raw Hide
Classification: Retired
Component: up2date (Show other bugs)
1.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Adrian Likins
Fanny Augustin
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-08-29 06:12 EDT by Paul Nasrat
Modified: 2007-04-18 12:57 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-11-01 07:14:23 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch to handle exception on import (847 bytes, patch)
2003-08-29 06:14 EDT, Paul Nasrat
no flags Details | Diff

  None (edit)
Description Paul Nasrat 2003-08-29 06:12:46 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030703

Description of problem:
Whilst trying a routine up2date the certificate for xmlrpc.rhn.redhat.com was
not signed by RHNS-CA-CERT so an SSL Error was obtained.

...
SSL.Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify
failed')]

essentially 

try:
    from up2date_client import repoDirector
...

in repoDirector there is a call in the header

                                                                               
channels = rhnChannel.getChannels()

which in turn calls login() which can return an SSL.Error from the xmlrpc backend.

This leaves a nasty python stacktrace.  As this is not in main() of wrapper.py
it isn't caught.
                                                                                


Version-Release number of selected component (if applicable):
up2date-3.9.15

How reproducible:
Always

Steps to Reproduce:
1. Replace RHNS-CA-CERT with a invalid one (or break it server side):
openssl genrsa -out server.key 1024
openssl req -new -x509 -days 365 -key server.key -out server.crt
openssl x509 -noout -text -in server.crt > RHNS-CA-CERT
2. replace cert or point up2date at invalid one
3.  run up2date -l
    

Actual Results:  Stack trace

Expected Results:  A nice error message should be printed
Comment 1 Paul Nasrat 2003-08-29 06:14:50 EDT
Created attachment 94063 [details]
Patch to handle exception on import

This handles the exception at the outermost level of up2date.
Comment 2 Adrian Likins 2003-09-02 14:13:58 EDT
Thanks for the patch. I think I fixed this by rearraging some
of the module imports so ssl errors dont happen when importing
repoDirector. The old ssl error catching code seems to work
with the new org.

3.9.19 should have it, if not 3.9.21 at least does.
Comment 3 Paul Nasrat 2003-11-01 07:14:23 EST
[root@enki rhn]# rpm -q up2date
up2date-4.1.14-2
[root@enki rhn]# grep CA up2date
sslCACert[comment]=The CA cert used to verify the ssl server
sslCACert=/usr/share/rhn/RHNS-CA-CERT.b0rk
[root@enki rhn]# up2date -l
There was an SSL error: []
A common cause of this error is the system time being incorrect.
Verify that the time on this system is correct.

Note You need to log in before you can comment on or make changes to this bug.