Bug 103358 - New repo backend design has unhandled exceptions
Summary: New repo backend design has unhandled exceptions
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: up2date (Show other bugs)
(Show other bugs)
Version: 1.0
Hardware: All Linux
Target Milestone: ---
Assignee: Adrian Likins
QA Contact: Fanny Augustin
Depends On:
TreeView+ depends on / blocked
Reported: 2003-08-29 10:12 UTC by Paul Nasrat
Modified: 2007-04-18 16:57 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-11-01 12:14:23 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Patch to handle exception on import (847 bytes, patch)
2003-08-29 10:14 UTC, Paul Nasrat
no flags Details | Diff

Description Paul Nasrat 2003-08-29 10:12:46 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030703

Description of problem:
Whilst trying a routine up2date the certificate for xmlrpc.rhn.redhat.com was
not signed by RHNS-CA-CERT so an SSL Error was obtained.

SSL.Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify


    from up2date_client import repoDirector

in repoDirector there is a call in the header

channels = rhnChannel.getChannels()

which in turn calls login() which can return an SSL.Error from the xmlrpc backend.

This leaves a nasty python stacktrace.  As this is not in main() of wrapper.py
it isn't caught.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Replace RHNS-CA-CERT with a invalid one (or break it server side):
openssl genrsa -out server.key 1024
openssl req -new -x509 -days 365 -key server.key -out server.crt
openssl x509 -noout -text -in server.crt > RHNS-CA-CERT
2. replace cert or point up2date at invalid one
3.  run up2date -l

Actual Results:  Stack trace

Expected Results:  A nice error message should be printed

Comment 1 Paul Nasrat 2003-08-29 10:14:50 UTC
Created attachment 94063 [details]
Patch to handle exception on import

This handles the exception at the outermost level of up2date.

Comment 2 Adrian Likins 2003-09-02 18:13:58 UTC
Thanks for the patch. I think I fixed this by rearraging some
of the module imports so ssl errors dont happen when importing
repoDirector. The old ssl error catching code seems to work
with the new org.

3.9.19 should have it, if not 3.9.21 at least does.

Comment 3 Paul Nasrat 2003-11-01 12:14:23 UTC
[root@enki rhn]# rpm -q up2date
[root@enki rhn]# grep CA up2date
sslCACert[comment]=The CA cert used to verify the ssl server
[root@enki rhn]# up2date -l
There was an SSL error: []
A common cause of this error is the system time being incorrect.
Verify that the time on this system is correct.

Note You need to log in before you can comment on or make changes to this bug.