Bug 75972 - Red Hat Update Agent Fails with SSL Errors
Red Hat Update Agent Fails with SSL Errors
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: up2date (Show other bugs)
4.0
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Matt Jamison
Fanny Augustin
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-10-15 08:48 EDT by Need Real Name
Modified: 2007-11-30 17:07 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-10-25 16:47:08 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2002-10-15 08:48:34 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020830

Description of problem:
Red Hat Linux release 8.0 (Psyche)
i686

Red Hat Update Agent Fails with SSL Errors

Ran through initially using GNOME System Tools >> Red Hat Network

"Problem registering user name"

Per FAQ on RHN checked parameters using "up2date --configure --nox"

should be >>
serverURL: https://www.rhns.redhat.com/XMLRPC
noSSLserverURL: http://www.rhns.redhat.com/XMLRPC

both (were) wrong.  

serverURL: https://xmlrpc.rhn.redhat.com/XMLRPC
noSSLserverURL: http://xmlrpc.rhn.redhat.com/XMLRPC

I was able to correct

noSSLserverURL

but whenever I try to correct serverURL (shown below)

10. serverURL          https://xmlrpc.rhn.redhat.com/XMLRPC

I get

SSL.Error [('SSL routines', 'SSL23_WRITE', 'ssl handshake failure')]


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Accessing Web via Proxy
2. No problems accessing HTTP or HTTPS
3. Gnome System Tools >> Red Hat Network
4. Run through data entry
5. "Problem registering user name"

Actual Results:  SSL Error shown above using command line

in GNOME after walking through the Red Hat Network Process I get a  "Problem
registering user name" at the end of the wizard

desktop then question mark with "error connecting to RHN"



Expected Results:  RHN Registered and system details transferred to RHN

Additional info:

See Full listing of "up2date --configure --nox"

[Kevin@Gateway Kevin]$ up2date --configure --nox
You are attempting to run "up2date" which requires administrative
privileges, but more information is needed in order to do so.
Password for root:
0.  debug              No
1.  isatty             Yes
2.  depslist           []
3.  networkSetup       Yes
4.  retrieveOnly       No
5.  enableRollbacks    No
6.  pkgSkipList        ['kernel*']
7.  storageDir         /var/spool/up2date
8.  adminAddress       ['root@localhost']
9.  noBootLoader       No
10. serverURL          https://xmlrpc.rhn.redhat.com/XMLRPC
11. fileSkipList       []
12. sslCACert          /usr/share/rhn/RHNS-CA-CERT
13. noReplaceConfig    Yes
14. useNoSSLForPackage No
15. systemIdPath       /etc/sysconfig/rhn/systemid
16. enableProxyAuth    No
17. retrieveSource     No
18. versionOverride
19. headerFetchCount   10
20. networkRetries     Yes
21. enableProxy        Yes
22. proxyPassword
23. noSSLServerURL     http://www.rhns.redhat.com/XMLRPC
24. keepAfterInstall   No
25. proxyUser
26. removeSkipList     ['kernel*']
27. useGPG             Yes
28. gpgKeyRing         /etc/sysconfig/rhn/up2date-keyring.gpg
29. httpProxy          10.10.10.25:1111
30. headerCacheSize    40
31. forceInstall       No


Enter number of item to edit <return to exit, q to quit without saving>: 10
There was an error
SSL.Error [('SSL routines', 'SSL23_WRITE', 'ssl handshake failure')]
0.  debug              No
1.  isatty             Yes
2.  networkRetries     Yes
3.  depslist           []
4.  networkSetup       Yes
5.  retrieveOnly       No
6.  enableRollbacks    No
7.  pkgSkipList        ['kernel*']
8.  storageDir         /var/spool/up2date
9.  adminAddress       ['root@localhost']
10. noBootLoader       No
11. serverURL          https://xmlrpc.rhn.redhat.com/XMLRPC
12. fileSkipList       []
13. sslCACert          /usr/share/rhn/RHNS-CA-CERT
14. noReplaceConfig    Yes
15. useNoSSLForPackage No
16. systemIdPath       /etc/sysconfig/rhn/systemid
17. enableProxyAuth    No
18. retrieveSource     No
19. versionOverride
20. headerFetchCount   10
21. enableProxy        Yes
22. proxyPassword
23. noSSLServerURL     http://www.rhns.redhat.com/XMLRPC
24. keepAfterInstall   No
25. proxyUser
26. removeSkipList     ['kernel*']
27. useGPG             Yes
28. gpgKeyRing         /etc/sysconfig/rhn/up2date-keyring.gpg
29. httpProxy          10.10.10.25:1111
30. headerCacheSize    40
31. forceInstall       No
Comment 1 Josef Komenda 2002-10-24 17:10:30 EDT
The faq is slightly out of date - xmlrpc.rhn.redhat.com is correct. I've updated
the FAQ. Please try again, with a different username.
Comment 2 Need Real Name 2002-10-25 16:00:12 EDT
No joy (I had tried that anyway prior to raising the problem).  Have
subsequently tried again - no joy.

Additional points of interest:
1) rhn_register --configure (suggested in the FAQ) is not found on my system
(clean install) . . . where is this ? . . .
2) the privacy statement is a blank page (no text at all in the box) within the
wizard

. . . anything else I can check on this end ?
Comment 3 Mihai Ibanescu 2002-10-25 16:08:20 EDT
You may also want to check the system's date. SSL is subject to failures if big
time skews occur.

If this does not help either, please paste the output of:

/usr/sbin/stunnel -r xmlrpc.rhn.redhat.com:443 -cf -v 2 -A
/usr/share/rhn/RHNS-CA-CERT

(one line, of course). This might give us an indication of what can be wrong.
Comment 4 Need Real Name 2002-10-25 16:36:28 EDT
Per suggestion:
/usr/sbin/stunnel -r xmlrpc.rhn.redhat.com:443 -cf -v 2 -A
/usr/share/rhn/RHNS-CA-CERT
2002.10.26 06:35:14 LOG3[11454:8192]: gethostbyname: Resource temporarily
unavailable (11)

also tried (per new FAQ):
    - make sure that your system can communicate with RHN via SSL (port 443).
telnet xmlrpc.rhn.redhat.com 443
telnet: xmlrpc.rhn.redhat.com: Temporary failure in name resolution
xmlrpc.rhn.redhat.com: Host name lookup failure

accessing xmlrpc.rhn.redhat.com in mozilla works file (returns "Red Hat Network"
Comment 5 Mihai Ibanescu 2002-10-25 16:47:01 EDT
Clearly DNS problems. Check your /etc/resolv.conf for 'nameserver' lines, make
sure the name servers listed there are valid, try 'telnet xmlrpc.rhn.redhat.com
443' again.
Comment 6 Need Real Name 2002-10-26 23:12:48 EDT
Correct . . . was dns issues.  Running Winroute on the gateway and all is now
well.  Many thanks for the suggestions / information.

Note You need to log in before you can comment on or make changes to this bug.