Bug 83298 - rhn_check throws SSL.Error
rhn_check throws SSL.Error
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: up2date (Show other bugs)
8.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Adrian Likins
Fanny Augustin
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-02-01 17:04 EST by Boris Folgmann
Modified: 2007-04-18 12:50 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-08-06 19:03:22 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Boris Folgmann 2003-02-01 17:04:06 EST
Description of problem:

rhn_check fails.


Version-Release number of selected component (if applicable):
up2date-3.0.7-1

How reproducible:
everytime

Steps to Reproduce:
1. /usr/sbin/rhn_check -v
2.
3.
    
Actual results:
Traceback (most recent call last):
  File "/usr/sbin/rhn_check", line 237, in ?
    ACTION_VERSION, Status)
  File "/usr/lib/python2.2/xmlrpclib.py", line 821, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib/python2.2/site-packages/rhn/rpclib.py", line 126, in _request
    verbose=self._verbose
  File "/usr/lib/python2.2/site-packages/rhn/transports.py", line 118, in request
    headers, fd = req.send_http(host, handler)
  File "/usr/lib/python2.2/site-packages/rhn/transports.py", line 602, in send_http
    headers=self.headers)
  File "/usr/lib/python2.2/httplib.py", line 537, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.2/httplib.py", line 553, in _send_request
    self.putrequest(method, url)
  File "/usr/lib/python2.2/httplib.py", line 453, in putrequest
    self.send(str)
  File "/usr/lib/python2.2/httplib.py", line 407, in send
    self.sock.sendall(str)
  File "/usr/lib/python2.2/site-packages/rhn/SSL.py", line 185, in write
    sent = self._connection.send(data)
SSL.Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify
failed')]



Expected results:
install packages

Additional info:
worked weeks ago
Comment 1 Adrian Likins 2003-02-03 16:28:48 EST
Can you check the clock on the machine in question?

This looks to be the kind of error I've seen on machines
with badly off sync time clocks.
Comment 2 Boris Folgmann 2003-03-03 11:46:44 EST
The clock is ok. The problem was an overloaded/faulty (?) primary DNS. It
returned always "non existing" for every lookup e.g. nslookup www.zvw.de printed:
Non-authoritative answer:
*** Can't find www.zvw.de: No 

On the next day it worked again. Sadly my ISP could not find any problem with
his DNS. Because the DNS returned "non existing" the local resolver did not try
the secondary server which returned true results according to nslookup.
Comment 3 Rob Boudrie 2003-08-29 23:07:56 EDT
I have the identical problem on my system, but at Red Hat 9.0.  My system clock
is correct and up to date (I reset it using bot the redhat and time-a.nist.gov
time servers, and neither fixed the problem).

Comment 4 Rob Boudrie 2003-08-31 06:34:40 EDT
I have the identical problem on my system, but at Red Hat 9.0.  My system clock
is correct and up to date (I reset it using bot the redhat and time-a.nist.gov
time servers, and neither fixed the problem).
Comment 5 Boris Folgmann 2003-09-01 04:22:41 EDT
Rob, have a look at this, it should help you.

The certificate used by up2date and rhn_register to communicate with the
Red Hat Network reached its end of life on August 28th 2003.  Users
attempting to connect to Red Hat Network will see SSL connection or
certificate verification failures.

New versions of the up2date and rhn_register clients are now available
which are required for continued access to Red Hat Network.

     * RHSA-2003:267 for Red Hat Linux:
       https://rhn.redhat.com/errata/RHSA-2003-267.html

     * RHSA-2003:268 for Red Hat Enterprise Linux:
       https://rhn.redhat.com/errata/RHSA-2003-268.html

New versions of the up2date client that contain the new certificate are
immediately available for download at:

    https://rhn.redhat.com/help/latest-up2date.pxt

For users who would prefer to install the new certificate directly, it is
available at:

    https://rhn.redhat.com/help/ssl_cert.pxt

- -the Red Hat Network Team

Note You need to log in before you can comment on or make changes to this bug.