Red Hat Bugzilla – Bug 876740
rhn_register TUI should not auto-fail if no ssl cert
Last modified: 2013-03-06 13:34:02 EST
Now that RHN Hosted integration has been ripped out of rhn_register, either the default serverURL should not be https or the rhn_register tui should be trained to not auto-fail if it cannot find the sslCACert. Personally I lean towards leaving the default url (which is now just an example url that does not actually work) as https, because that is the preferred protocol.
However, it is entirely conceivable that the user will modify the url during registration to not be https, so if the ssl cert is not there we should not error at the beginning. Rather, we should throw the error once we try to register with the https url and the ssl cert is not there.
Upon further investigation, updating the error message is the best solution without adding additional screens to the TUI. The TUI right now does not have a screen where you can modify the serverURL, nor does it have a screen where you can identify the SSL cert if it can't find the one in the config file.
Because there is no screen where the user can modify the serverURL, there is never a chance for the user to choose to use http instead of https. The TUI just assumes that the values in /etc/sysconfig/rhn/up2date are correct. So I feel that the best and minimally-invasive change at this point is to simply update the error message to be more descriptive.
I have changed the text below:
ERROR: can not find RHN CA file: /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
Please verify the value of sslCACert in /etc/sysconfig/rhn/up2date
Please verify the values of sslCACert and serverURL in /etc/sysconfig/rhn/up2date. You can either make the serverURL use http instead of https, or you can download the SSL cert from your Satellite, place it in /usr/share/rhn, and ensure sslCACert points to it.
Committed to Spacewalk master: b77d99bbdde73290f242599eb9f08b06a17c5271
(In reply to comment #1)
> Upon further investigation, updating the error message is the best solution
> without adding additional screens to the TUI. The TUI right now does not
> have a screen where you can modify the serverURL, nor does it have a screen
I feel we probably should have this one.
On RHEL 6, starting rhn_register
┌┤ Attempting to contact the Red Hat Network server. ├─┐
│ We are attempting to contact the Red Hat Network ↑ │
│ server at https://xmlrpc.rhn.redhat.com/XMLRPC. ▮ │
as the first screen (without asking anything), and if I remove RHNS-CA-CERT, it fails with
│ ┌───────────┤ Fatal Error ├────────────┐ ▒ │
│ │ │ ▒ │
│ │ ERROR: can not find RHNS CA file: │ ▒ │
│ │ /usr/share/rhn/RHNS-CA-CERT │ ▒ │
│ │ │ ▒ │
│ │ Please verify the value of sslCACert │ ▒ │
│ │ in /etc/sysconfig/rhn/up2date │ ▒ │
│ │ │ ▒ │
│ │ ┌────┐ │ ▒ │
│ │ │ OK │ │ ▒ │
│ │ └────┘ │ ▒ │
│ │ │ ▒ │
│ │ │ ▒ │
│ └──────────────────────────────────────┘ ▒ │
We probably want to replace this initial probe to https://xmlrpc.rhn.redhat.com/XMLRPC with a textfield'ed screen where the user will be able to enter the URL.
I have added a new screen like so:
┌─────────────┤ Enter your Red Hat Network Satellite URL. ├──────────────┐
│ Please enter the location of your Red Hat Network Satellite server and │
│ of its SSL certificate. The SSL certificate is only required if you │
│ will be connecting over https (recommended). │
│ Satellite URL: sherr-desktop.usersys.redhat.com/XMLRPC_ │
│ SSL certificate: /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT_ │
│ ┌──────┐ ┌──────┐ ┌────────┐ │
│ │ Next │ │ Back │ │ Cancel │ │
│ └──────┘ └──────┘ └────────┘ │
This is the first thing you see after the welcome screen, and I have moved the connection test to happen immediately after this screen and before the login / password info screen.
Committed to Spacewalk master: 8ff6da73dbf04955e57541d93c0dce3d47136d91
I have added a697bc9f58f2b54e41c543ea1789687f16ac8eb0
The Satellite URL will now auto-correct common mistakes, such as leaving off the /XMLRPC or https://. In addition, several messages have been updated to say "Red Hat Network Satellite" instead of "Red Hat Network".
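The behaviour discussed in this bug, sketched as an added example (not the code from the Spacewalk commits above): the entered URL is normalized, defaulting to https when no scheme is given, and the CA file is checked only once the final scheme is known to be https. The function names and the `exists` parameter are hypothetical; the default certificate path is the one quoted in the bug.

```python
import os
from urllib.parse import urlsplit, urlunsplit

# Path quoted in this bug report; a real client reads sslCACert from
# /etc/sysconfig/rhn/up2date instead of hard-coding it.
DEFAULT_CA = "/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT"


def normalize_server_url(raw):
    """Hypothetical helper: fill in a missing scheme and a missing /XMLRPC path."""
    raw = raw.strip()
    if not raw:
        raise ValueError("empty Satellite URL")
    if "://" not in raw:
        # No scheme typed: default to https, never silently to http.
        raw = "https://" + raw
    parts = urlsplit(raw)
    if parts.scheme not in ("http", "https"):
        raise ValueError("unsupported scheme: %r" % parts.scheme)
    if not parts.netloc:
        raise ValueError("no host in Satellite URL")
    path = parts.path if parts.path not in ("", "/") else "/XMLRPC"
    return urlunsplit((parts.scheme, parts.netloc, path, "", ""))


def check_server_settings(raw_url, ca_cert=DEFAULT_CA, exists=os.path.isfile):
    """Return (url, ca_cert or None).

    The CA file is required only for https. If it is missing the call fails;
    it does not downgrade the connection to http on the user's behalf.
    """
    url = normalize_server_url(raw_url)
    if urlsplit(url).scheme != "https":
        return url, None  # plain http: no certificate is consulted
    if not exists(ca_cert):
        raise FileNotFoundError(
            "can not find RHN CA file: %s. Please verify the values of "
            "sslCACert and serverURL in /etc/sysconfig/rhn/up2date." % ca_cert
        )
    return url, ca_cert


if __name__ == "__main__":
    # Constructed inputs; the first is the value shown in the new TUI screen.
    for entry in ("sherr-desktop.usersys.redhat.com/XMLRPC", "http://satellite.example.com"):
        print(entry, "->", normalize_server_url(entry))
```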
Marking bug as ON_QA since tonight's build of Spacewalk nightly is a release candidate for Spacewalk 1.9.
Spacewalk 1.9 has been released.