Bug 2141840 - dnf should try a different mirror if it encounters a mirror with a certificate problem
Summary: dnf should try a different mirror if it encounters a mirror with a certificat...
Keywords:
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: librepo
Version: CentOS Stream
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
: ---
Assignee: David Cantrell
QA Contact: swm-qe
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-11-10 20:47 UTC by Jonathan Kamens
Modified: 2023-08-16 08:11 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-139093 0 None None None 2022-11-10 20:50:10 UTC

Description Jonathan Kamens 2022-11-10 20:47:18 UTC 
dnf-makecache.service logs:

Nov 10 13:38:03 jik4.kamens.us dnf[684995]: Errors during downloading metadata for repository 'epel':
Nov 10 13:38:03 jik4.kamens.us dnf[684995]:   - Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://epel.mirror.constant.com/8/Everything/x86_64/repodata/repomd.xml [SSL certificate problem: certificate has expired]
Nov 10 13:38:03 jik4.kamens.us dnf[684995]: Error: Failed to download metadata for repo 'epel': Cannot download repomd.xml: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://epel.mirror.constant.com/8/Everything/x86_64/repodata/repomd.xml [SSL certificate problem: certificate has expired]
Nov 10 13:38:03 jik4.kamens.us systemd[1]: dnf-makecache.service: Main process exited, code=exited, status=1/FAILURE
Nov 10 13:38:03 jik4.kamens.us systemd[1]: dnf-makecache.service: Failed with result 'exit-code'.
Nov 10 13:38:03 jik4.kamens.us systemd[1]: Failed to start dnf makecache.

It shouldn't give up if there's an SSL certificate error with a mirror. It should switch to a different mirror.
Note You need to log in before you can comment on or make changes to this bug.