Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 601623 - rhn-client-tools not working in fips mode -OpenSSL.SSL.Error, 'certificate verify failed'
rhn-client-tools not working in fips mode -OpenSSL.SSL.Error, 'certificate ve...
Status: CLOSED DUPLICATE of bug 593811
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: rhn-client-tools (Show other bugs)
6.0
All Linux
high Severity high
: rc
: ---
Assigned To: Milan Zázrivec
Red Hat Satellite QA List
:
Depends On:
Blocks: 582655 559491 559492
  Show dependency treegraph
 
Reported: 2010-06-08 06:49 EDT by Jiri Kastner
Modified: 2010-06-08 09:04 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-06-08 09:04:46 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
up2date log (9.36 KB, text/plain)
2010-06-08 06:49 EDT, Jiri Kastner
no flags Details

  None (edit)
Description Jiri Kastner 2010-06-08 06:49:41 EDT
Created attachment 422137 [details]
up2date log

Description of problem:
all rhn-client-tools fails with same error

Version-Release number of selected component (if applicable):


How reproducible:
always

Steps to Reproduce:
1. disable prelinking in /etc/sysconfig/prelink, run 'prelink -u -a', append to kernel fips=1 to bootloader config file and reboot
2. run any command from rhn-setup{,-gnome} and yum with enabled rhnplugin
3. fails
  
Actual results:
fails with 
<class 'OpenSSL.SSL.Error'>: [('digital envelope routines', 'EVP_DigestInit_ex', 'unknown cipher'), ('asn1 encoding routines', 'ASN1_item_verify', 'EVP lib'), ('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]

Expected results:
works as expected

Additional info:
################################ RHN_REGISTER ###############################################
sudo rhn_register --nox
[sudo] password for jkastner: 
There was an SSL error: [('digital envelope routines', 'EVP_DigestInit_ex', 'unknown cipher'), ('asn1 encoding routines', 'ASN1_item_verify', 'EVP lib'), ('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]
A common cause of this error is the system time being incorrect. Verify that the time on this system is correct.

################################ RHN-CHANNEL ##############################################
sudo rhn-channel -l
Traceback (most recent call last):
  File "/usr/sbin/rhn-channel", line 95, in <module>
    main()
  File "/usr/sbin/rhn-channel", line 85, in main
    channels = map(lambda x: x['label'], getChannels().channels())
  File "/usr/share/rhn/up2date_client/rhnChannel.py", line 99, in getChannels
    up2dateChannels = s.up2date.listChannels(up2dateAuth.getSystemId())
  File "/usr/share/rhn/up2date_client/rhnserver.py", line 50, in __call__
    return rpcServer.doCall(method, *args, **kwargs)
  File "/usr/share/rhn/up2date_client/rpcServer.py", line 204, in doCall
    ret = method(*args, **kwargs)
  File "/usr/lib64/python2.6/xmlrpclib.py", line 1199, in __call__
    return self.__send(self.__name, args)
  File "/usr/share/rhn/up2date_client/rpcServer.py", line 39, in _request1
    ret = self._request(methodname, params)
  File "/usr/lib/python2.6/site-packages/rhn/rpclib.py", line 357, in _request
    self._handler, request, verbose=self._verbose)
  File "/usr/lib/python2.6/site-packages/rhn/transports.py", line 171, in request
    headers, fd = req.send_http(host, handler)
  File "/usr/lib/python2.6/site-packages/rhn/transports.py", line 704, in send_http
    headers=self.headers)
  File "/usr/lib64/python2.6/httplib.py", line 874, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib64/python2.6/httplib.py", line 911, in _send_request
    self.endheaders()
  File "/usr/lib64/python2.6/httplib.py", line 868, in endheaders
    self._send_output()
  File "/usr/lib64/python2.6/httplib.py", line 740, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.6/httplib.py", line 719, in send
    self.sock.sendall(str)
  File "/usr/lib/python2.6/site-packages/rhn/SSL.py", line 217, in write
    sent = self._connection.send(data)
OpenSSL.SSL.Error: [('digital envelope routines', 'EVP_DigestInit_ex', 'unknown cipher'), ('asn1 encoding routines', 'ASN1_item_verify', 'EVP lib'), ('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]

################################## RHNREG_KS #########################################
sudo rhnreg_ks --force --username=rhn-engineering-qe-automation --password=redhatqa --profilename=fips-test-rhel6-jkastner
There was an SSL error: [('digital envelope routines', 'EVP_DigestInit_ex', 'unknown cipher'), ('asn1 encoding routines', 'ASN1_item_verify', 'EVP lib'), ('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]
A common cause of this error is the system time being incorrect. Verify that the time on this system is correct.

########################### YUM + RHNPLUGIN ###################################
sudo yum check-update
Loaded plugins: rhnplugin
Traceback (most recent call last):
  File "/usr/bin/yum", line 29, in <module>
    yummain.user_main(sys.argv[1:], exit_code=True)
  File "/usr/share/yum-cli/yummain.py", line 254, in user_main
    errcode = main(args)
  File "/usr/share/yum-cli/yummain.py", line 88, in main
    base.getOptionsConfig(args)
  File "/usr/share/yum-cli/cli.py", line 192, in getOptionsConfig
    self.conf
  File "/usr/lib/python2.6/site-packages/yum/__init__.py", line 778, in <lambda>
    conf = property(fget=lambda self: self._getConfig(),
  File "/usr/lib/python2.6/site-packages/yum/__init__.py", line 311, in _getConfig
    self.plugins.run('init')
  File "/usr/lib/python2.6/site-packages/yum/plugins.py", line 177, in run
    func(conduitcls(self, self.base, conf, **kwargs))
  File "/usr/share/yum-plugins/rhnplugin.py", line 117, in init_hook
    login_info = up2dateAuth.getLoginInfo()
  File "/usr/share/rhn/up2date_client/up2dateAuth.py", line 219, in getLoginInfo
    login()
  File "/usr/share/rhn/up2date_client/up2dateAuth.py", line 186, in login
    li = server.up2date.login(systemId)
  File "/usr/share/rhn/up2date_client/rhnserver.py", line 50, in __call__
    return rpcServer.doCall(method, *args, **kwargs)
  File "/usr/share/rhn/up2date_client/rpcServer.py", line 204, in doCall
    ret = method(*args, **kwargs)
  File "/usr/lib64/python2.6/xmlrpclib.py", line 1199, in __call__
    return self.__send(self.__name, args)
  File "/usr/share/rhn/up2date_client/rpcServer.py", line 39, in _request1
    ret = self._request(methodname, params)
  File "/usr/lib/python2.6/site-packages/rhn/rpclib.py", line 357, in _request
    self._handler, request, verbose=self._verbose)
  File "/usr/lib/python2.6/site-packages/rhn/transports.py", line 171, in request
    headers, fd = req.send_http(host, handler)
  File "/usr/lib/python2.6/site-packages/rhn/transports.py", line 704, in send_http
    headers=self.headers)
  File "/usr/lib64/python2.6/httplib.py", line 874, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib64/python2.6/httplib.py", line 911, in _send_request
    self.endheaders()
  File "/usr/lib64/python2.6/httplib.py", line 868, in endheaders
    self._send_output()
  File "/usr/lib64/python2.6/httplib.py", line 740, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.6/httplib.py", line 719, in send
    self.sock.sendall(str)
  File "/usr/lib/python2.6/site-packages/rhn/SSL.py", line 217, in write
    sent = self._connection.send(data)
OpenSSL.SSL.Error: [('digital envelope routines', 'EVP_DigestInit_ex', 'unknown cipher'), ('asn1 encoding routines', 'ASN1_item_verify', 'EVP lib'), ('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]
Comment 1 Jiri Kastner 2010-06-08 07:19:33 EDT
against rhn.errata.stage
Comment 2 Milan Zázrivec 2010-06-08 09:04:46 EDT

*** This bug has been marked as a duplicate of bug 593811 ***

Note You need to log in before you can comment on or make changes to this bug.