------------------------------------------------
Description of problem:
------------------------------------------------
Access to an SSL-enabled local repository works fine without a proxy.
Access to an SSL-enabled local repository with a proxy doesn't work.

Repo-file:

[privEL]
name=privEL-$releasever - Base
#mirrorlist=https://priv.local/privEL/centos/?release=$releasever&arch=$basearch&repo=os
baseurl=https://35uvi7324657e65ufztf9:8utf7tfzfd5ezstrc3246@priv.local/privEL/centos/$releasever/os/$basearch/
gpgcheck=0
#gpgkey=https://priv.local/privEL/centos/RPM-GPG-KEY-privEL-5
enabled=0

CLI:

[root@l ~]# yum --noplugins --enablerepo=privEL update
https://priv.local/privEL/centos/5/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 400: Bad Request
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: privEL. Please verify its path and try again

Proxy's log says:

2009/02/19 12:06:25| fwdDispatch: Cannot retrieve 'https://priv.local/privEL/centos/5/os/x86_64/repodata/repomd.xml'
1235042076.819 10 213.160.26.73 TCP_MISS/400 2189 GET https://priv.local/privEL/centos/5/os/x86_64/repodata/repomd.xml - DIRECT/88.84.156.90 text/html

See also: http://man.chinaunix.net/newsoft/squid/Squid_FAQ/FAQ-11.html#ss11.34

------------------------------------------------
Version-Release number of selected component (if applicable):
------------------------------------------------
yum-3.2.8-9.el5

------------------------------------------------
How reproducible:
------------------------------------------------
Add the repo file above and proxy=http://proxy:3128 into yum.conf and execute

yum --enablerepo=privEL update

------------------------------------------------
Actual results:
------------------------------------------------
[root@l ~]# yum --noplugins --enablerepo=privEL update
https://priv.local/privEL/centos/5/os/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 400: Bad Request
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: privEL. Please verify its path and try again

"[Errno 14] HTTP Error 400" http ???

------------------------------------------------
Expected results:
------------------------------------------------
Should connect to the proxy correctly and get repomd.xml.
Without proxy works fine!

The usability of the proxy is confirmed with curl as follows:

CLI:

$ export https_proxy=http://proxy:3128
$ curl --insecure https://priv.local/privEL/centos/5/os/x86_64/repodata/repomd.xml

connects through the proxy.

It doesn't matter if I use basic HTTP authentication or not:

https://35uvi7324657e65ufztf9:8utf7tfzfd5ezstrc3246@priv.local/privEL/centos/5/os/x86_64/repodata/repomd.xml
https://priv.local/privEL/centos/5/os/x86_64/repodata/repomd.xml

Both are usable (if I change the config of the repo's web server, of course).

Regards
P.M.

Not sure if this is related: http://bugs.python.org/issue1424152
https://bugzilla.redhat.com/show_bug.cgi?id=484491 the last 2 comments. Not for rhel5 - but something for the future.
This should be fixed for RHEL-6. This request was evaluated by Red Hat Engineering for inclusion in a Red Hat Enterprise Linux maintenance release. Red Hat does not currently plan to provide this change in a Red Hat Enterprise Linux update release for currently deployed products. With the goal of minimizing risk of change for deployed systems, and in response to customer and partner requirements, Red Hat takes a conservative approach when evaluating enhancements for inclusion in maintenance updates for currently deployed products. The primary objectives of update releases are to enable new hardware platform support and to resolve critical defects.
This is causing a big issue for DISA, and some Department of Defense systems. Just FYSA. Looks bad on Red Hat not to fix in 5.x.
(In reply to Leon Fauster from comment #2)
> Not sure if this is related:
>
> http://bugs.python.org/issue1424152

This is the same issue, as in rhel5, urlgrabber uses urllib2. To use HTTP CONNECT tunnelling, we'd need a patched Python. Python-2.4.3 shipped in rhel-5.10 does not include the patch (it's included in current Python-2.7 though).

rhel-5.10 $ grep 'def set_tunnel' /usr/lib/python*/httplib.py
=> no match

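
Added example, not part of the original thread and not yum or urlgrabber code: a Python 3 sketch of the two request forms discussed above, showing what a proxy receives when a client sends an absolute-URI GET (the form in the Squid log) versus when it calls set_tunnel() and sends CONNECT. The stand-in proxy on 127.0.0.1, the function name observe_proxy_request and the Authorization value are constructed for illustration; only priv.local and the repomd.xml path come from the report.

```python
import http.client
import socket
import threading

TARGET = "priv.local"  # repository host from the report
PATH = "/privEL/centos/5/os/x86_64/repodata/repomd.xml"
AUTH = {"Authorization": "Basic Y29uc3RydWN0ZWQ6ZXhhbXBsZQ=="}  # constructed value


def observe_proxy_request(use_connect):
    """Return what a stand-in proxy on 127.0.0.1 receives from the client."""
    seen = {}
    listener = socket.create_server(("127.0.0.1", 0))
    port = listener.getsockname()[1]

    def serve_once():
        conn, _ = listener.accept()
        with conn:
            data = b""
            while b"\r\n\r\n" not in data:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                data += chunk
            head = data.decode("latin-1")
            seen["request_line"] = head.split("\r\n", 1)[0]
            # True when the header meant for the repository reached the proxy.
            seen["origin_auth_visible"] = "authorization:" in head.lower()
            # Refuse everything: only the client's first message matters here.
            conn.sendall(b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n")

    worker = threading.Thread(target=serve_once)
    worker.start()
    if use_connect:
        client = http.client.HTTPSConnection("127.0.0.1", port, timeout=5)
        client.set_tunnel(TARGET, 443)  # the method the grep above looks for
    else:
        client = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    try:
        if use_connect:
            client.request("GET", PATH, headers=AUTH)
        else:
            client.request("GET", "https://" + TARGET + PATH, headers=AUTH)
            client.getresponse().read()
    except OSError:
        pass  # expected with CONNECT: the stand-in proxy refuses the tunnel
    finally:
        client.close()
        worker.join(timeout=5)
        listener.close()
    return seen
```

With use_connect=False the proxy receives the full https:// URL and the request headers in cleartext; with use_connect=True it receives only CONNECT priv.local:443, and the GET with its headers would travel inside the TLS tunnel once the proxy accepted it.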
No additional minor releases are planned for Production Phase 2 in Red Hat Enterprise Linux 5, and therefore Red Hat is closing this bugzilla as it does not meet the inclusion criteria as stated in: https://access.redhat.com/site/support/policy/updates/errata/#Production_2_Phase