Bug 1076045 - [rfe] ssl support
[rfe] ssl support
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: dnf (Show other bugs)
rawhide
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Ales Kozumplik
Fedora Extras Quality Assurance
:
Depends On: 1093014
Blocks: 871892
  Show dependency treegraph
 
Reported: 2014-03-13 08:33 EDT by Igor Gnatenko
Modified: 2014-09-30 19:42 EDT (History)
5 users (show)

See Also:
Fixed In Version: dnf-plugins-core-0.0.8-2.fc20
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-05-31 19:57:13 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Igor Gnatenko 2014-03-13 08:33:05 EDT
Hi,

Steps to reproduce:
1. add new .repo file
[tycho]
name=tycho
baseurl=https://tycho.gnutelephony.org:2201/archive/fedora/x86_64
enabled=1
gpgcheck=0
sslverify=false
2. dnf makecache -v

Actual results:
Problem with repo 'tycho': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried, disabling.

Expected results:
all works fine

Additional info:
I've taken a look for dnf code, but looks like this code is unimplemented.

dnf/yum/config.py:    sslcacert = Option()
dnf/yum/config.py:    sslverify = BoolOption(True)
dnf/yum/config.py:    sslclientcert = Option()
dnf/yum/config.py:    sslclientkey = Option()
dnf/yum/config.py:    sslcacert = Inherit(YumConf.sslcacert)
dnf/yum/config.py:    sslverify = Inherit(YumConf.sslverify) # :api
dnf/yum/config.py:    sslclientcert = Inherit(YumConf.sslclientcert)
dnf/yum/config.py:    sslclientkey = Inherit(YumConf.sslclientkey)


but nothing more in code.
Comment 1 Ales Kozumplik 2014-03-14 04:59:36 EDT
Hi, yes, this looks like something to look at.
Comment 2 Ales Kozumplik 2014-04-30 04:04:11 EDT
Igor, my browser times out when accessing https://tycho.gnutelephony.org:2201/archive/fedora/x86_64

Is it possible there is more than the supposed DNF problem here?
Comment 3 Ales Kozumplik 2014-04-30 04:28:33 EDT
Indeed, I can get md and .rpms from https://ftp.fau.de/fedora/linux/development/rawhide/x86_64/os/ without problems. Will try with a https that uses non-trusted cert too.
Comment 4 Igor Gnatenko 2014-05-02 09:04:57 EDT
(In reply to Ales Kozumplik from comment #3)
> Indeed, I can get md and .rpms from
> https://ftp.fau.de/fedora/linux/development/rawhide/x86_64/os/ without
> problems. Will try with a https that uses non-trusted cert too.

yeah. I meant self-signed cert.
Comment 5 Ales Kozumplik 2014-05-06 14:47:59 EDT
Fixed upstream by ede1e5d. You'll need to explicitly set sslverify=false for repositories that are not hosted on a verifiable server.
Comment 6 Igor Gnatenko 2014-05-06 14:53:19 EDT
(In reply to Ales Kozumplik from comment #5)
> Fixed upstream by ede1e5d. You'll need to explicitly set sslverify=false for
> repositories that are not hosted on a verifiable server.

Cool! Thank you!
Comment 7 Fedora Update System 2014-05-28 08:08:47 EDT
dnf-plugins-core-0.0.8-2.fc20, libsolv-0.6.1-1.git6d968f1.fc20, hawkey-0.4.16-1.fc20, dnf-0.5.2-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/libsolv-0.6.1-1.git6d968f1.fc20,hawkey-0.4.16-1.fc20,dnf-0.5.2-1.fc20,dnf-plugins-core-0.0.8-2.fc20
Comment 8 Fedora Update System 2014-05-28 19:48:39 EDT
Package dnf-plugins-core-0.0.8-2.fc20, libsolv-0.6.1-1.git6d968f1.fc20, hawkey-0.4.16-1.fc20, dnf-0.5.2-1.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing dnf-plugins-core-0.0.8-2.fc20 libsolv-0.6.1-1.git6d968f1.fc20 hawkey-0.4.16-1.fc20 dnf-0.5.2-1.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-6789/libsolv-0.6.1-1.git6d968f1.fc20,hawkey-0.4.16-1.fc20,dnf-0.5.2-1.fc20,dnf-plugins-core-0.0.8-2.fc20
then log in and leave karma (feedback).
Comment 9 Fedora Update System 2014-05-31 19:57:13 EDT
dnf-plugins-core-0.0.8-2.fc20, libsolv-0.6.1-1.git6d968f1.fc20, hawkey-0.4.16-1.fc20, dnf-0.5.2-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.