Bug 75972 - Red Hat Update Agent Fails with SSL Errors
Summary: Red Hat Update Agent Fails with SSL Errors
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: up2date
Version: 4.0
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Matt Jamison
QA Contact: Fanny Augustin
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2002-10-15 12:48 UTC by Need Real Name
Modified: 2007-11-30 22:07 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2002-10-25 20:47:08 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Need Real Name 2002-10-15 12:48:34 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020830

Description of problem:
Red Hat Linux release 8.0 (Psyche)
i686

Red Hat Update Agent Fails with SSL Errors

Ran through initially using GNOME System Tools >> Red Hat Network

"Problem registering user name"

Per FAQ on RHN checked parameters using "up2date --configure --nox"

should be >>
serverURL: https://www.rhns.redhat.com/XMLRPC
noSSLserverURL: http://www.rhns.redhat.com/XMLRPC

both (were) wrong.  

serverURL: https://xmlrpc.rhn.redhat.com/XMLRPC
noSSLserverURL: http://xmlrpc.rhn.redhat.com/XMLRPC

I was able to correct

noSSLserverURL

but whenever I try to correct serverURL (shown below)

10. serverURL          https://xmlrpc.rhn.redhat.com/XMLRPC

I get

SSL.Error [('SSL routines', 'SSL23_WRITE', 'ssl handshake failure')]


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Accessing Web via Proxy
2. No problems accessing HTTP or HTTPS
3. Gnome System Tools >> Red Hat Network
4. Run through data entry
5. "Problem registering user name"

Actual Results:  SSL Error shown above using command line

in GNOME after walking through the Red Hat Network Process I get a  "Problem
registering user name" at the end of the wizard

desktop then question mark with "error connecting to RHN"



Expected Results:  RHN Registered and system details transferred to RHN

Additional info:

See Full listing of "up2date --configure --nox"

[Kevin@Gateway Kevin]$ up2date --configure --nox
You are attempting to run "up2date" which requires administrative
privileges, but more information is needed in order to do so.
Password for root:
0.  debug              No
1.  isatty             Yes
2.  depslist           []
3.  networkSetup       Yes
4.  retrieveOnly       No
5.  enableRollbacks    No
6.  pkgSkipList        ['kernel*']
7.  storageDir         /var/spool/up2date
8.  adminAddress       ['root@localhost']
9.  noBootLoader       No
10. serverURL          https://xmlrpc.rhn.redhat.com/XMLRPC
11. fileSkipList       []
12. sslCACert          /usr/share/rhn/RHNS-CA-CERT
13. noReplaceConfig    Yes
14. useNoSSLForPackage No
15. systemIdPath       /etc/sysconfig/rhn/systemid
16. enableProxyAuth    No
17. retrieveSource     No
18. versionOverride
19. headerFetchCount   10
20. networkRetries     Yes
21. enableProxy        Yes
22. proxyPassword
23. noSSLServerURL     http://www.rhns.redhat.com/XMLRPC
24. keepAfterInstall   No
25. proxyUser
26. removeSkipList     ['kernel*']
27. useGPG             Yes
28. gpgKeyRing         /etc/sysconfig/rhn/up2date-keyring.gpg
29. httpProxy          10.10.10.25:1111
30. headerCacheSize    40
31. forceInstall       No


Enter number of item to edit <return to exit, q to quit without saving>: 10
There was an error
SSL.Error [('SSL routines', 'SSL23_WRITE', 'ssl handshake failure')]
0.  debug              No
1.  isatty             Yes
2.  networkRetries     Yes
3.  depslist           []
4.  networkSetup       Yes
5.  retrieveOnly       No
6.  enableRollbacks    No
7.  pkgSkipList        ['kernel*']
8.  storageDir         /var/spool/up2date
9.  adminAddress       ['root@localhost']
10. noBootLoader       No
11. serverURL          https://xmlrpc.rhn.redhat.com/XMLRPC
12. fileSkipList       []
13. sslCACert          /usr/share/rhn/RHNS-CA-CERT
14. noReplaceConfig    Yes
15. useNoSSLForPackage No
16. systemIdPath       /etc/sysconfig/rhn/systemid
17. enableProxyAuth    No
18. retrieveSource     No
19. versionOverride
20. headerFetchCount   10
21. enableProxy        Yes
22. proxyPassword
23. noSSLServerURL     http://www.rhns.redhat.com/XMLRPC
24. keepAfterInstall   No
25. proxyUser
26. removeSkipList     ['kernel*']
27. useGPG             Yes
28. gpgKeyRing         /etc/sysconfig/rhn/up2date-keyring.gpg
29. httpProxy          10.10.10.25:1111
30. headerCacheSize    40
31. forceInstall       No

Comment 1 Josef Komenda 2002-10-24 21:10:30 UTC
The faq is slightly out of date - xmlrpc.rhn.redhat.com is correct. I've updated
the FAQ. Please try again, with a different username.

Comment 2 Need Real Name 2002-10-25 20:00:12 UTC
No joy (I had tried that anyway prior to raising the problem).  Have
subsequently tried again - no joy.

Additional points of interest:
1) rhn_register --configure (suggested in the FAQ) is not found on my system
(clean install) . . . where is this ? . . .
2) the privacy statement is a blank page (no text at all in the box) within the
wizard

. . . anything else I can check on this end ?

Comment 3 Mihai Ibanescu 2002-10-25 20:08:20 UTC
You may also want to check the system's date. SSL is subject to failures if big
time skews occur.

If this does not help either, please paste the output of:

/usr/sbin/stunnel -r xmlrpc.rhn.redhat.com:443 -cf -v 2 -A
/usr/share/rhn/RHNS-CA-CERT

(one line, of course). This might give us an indication of what can be wrong.

Comment 4 Need Real Name 2002-10-25 20:36:28 UTC
Per suggestion:
/usr/sbin/stunnel -r xmlrpc.rhn.redhat.com:443 -cf -v 2 -A
/usr/share/rhn/RHNS-CA-CERT
2002.10.26 06:35:14 LOG3[11454:8192]: gethostbyname: Resource temporarily
unavailable (11)

also tried (per new FAQ):
    - make sure that your system can communicate with RHN via SSL (port 443).
telnet xmlrpc.rhn.redhat.com 443
telnet: xmlrpc.rhn.redhat.com: Temporary failure in name resolution
xmlrpc.rhn.redhat.com: Host name lookup failure

accessing xmlrpc.rhn.redhat.com in mozilla works file (returns "Red Hat Network"

Comment 5 Mihai Ibanescu 2002-10-25 20:47:01 UTC
Clearly DNS problems. Check your /etc/resolv.conf for 'nameserver' lines, make
sure the name servers listed there are valid, try 'telnet xmlrpc.rhn.redhat.com
443' again.

Comment 6 Need Real Name 2002-10-27 03:12:48 UTC
Correct . . . was dns issues.  Running Winroute on the gateway and all is now
well.  Many thanks for the suggestions / information.


Note You need to log in before you can comment on or make changes to this bug.