[prev in list] [next in list] [prev in thread] [next in thread]
List: fedora-buildsys-list
Subject: kojira won't start ssl cert verify fails
From: Noah_Rømer <baronmog () gmail ! com>
Date: 2016-06-06 17:59:06
Message-ID: CA+7fRCxWAcM7Nzir6YLPkJ=x4trVsyUxKaC-GpJq8fUYnteOrg () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Trying to get kojira to start up, with a new cert (using the instructions
for a self hosted CA on the koji server). Koji version 1.9.0-5 on a Centos
6.6 box. I get the following error:
Traceback (most recent call last):
File "/usr/sbin/kojira", line 743, in <module>
session.ssl_login(options.cert, options.ca, options.serverca)
File "/usr/lib/python2.6/site-packages/koji/__init__.py", line 1729, in
ssl_login
sinfo = self.callMethod('sslLogin', proxyuser)
File "/usr/lib/python2.6/site-packages/koji/__init__.py", line 1778, in
callMethod
return self._callMethod(name, args, opts)
File "/usr/lib/python2.6/site-packages/koji/__init__.py", line 1898, in
_callMethod
return self._sendCall(handler, headers, request)
File "/usr/lib/python2.6/site-packages/koji/__init__.py", line 1809, in
_sendCall
return self._sendOneCall(handler, headers, request)
File "/usr/lib/python2.6/site-packages/koji/__init__.py", line 1827, in
_sendOneCall
cnx.endheaders()
File "/usr/lib64/python2.6/httplib.py", line 908, in endheaders
self._send_output()
File "/usr/lib64/python2.6/httplib.py", line 780, in _send_output
self.send(msg)
File "/usr/lib64/python2.6/httplib.py", line 759, in send
self.sock.sendall(str)
File "/usr/lib/python2.6/site-packages/koji/ssl/SSLConnection.py", line
108, in sendall
sent = con.send(data, flags)
OpenSSL.SSL.Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',
'certificate verify failed')]
If I run openssl from the command line, to verify the cert, it succeeds:
# openssl verify -CAfile /etc/pki/koji/koji_ca_cert.crt
/etc/pki/koji/certs/kojira.cer
/etc/pki/koji/certs/kojira.cer: OK
The cert in question is SHA256/RSA4096 (matching the params of the certs
we've previously used).
--
Squirrels are the lunatic teenagers of the animal kingdom.
[Attachment #5 (text/html)]
<div dir="ltr"><div><div>Trying to get kojira to start up, with a new cert (using the \
instructions for a self hosted CA on the koji server). Koji version 1.9.0-5 on a \
Centos 6.6 box. I get the following error:<br><br>Traceback (most recent call \
last):<br> File "/usr/sbin/kojira", line 743, in <module><br> \
session.ssl_login(options.cert, <a href="http://options.ca">options.ca</a>, \
options.serverca)<br> File \
"/usr/lib/python2.6/site-packages/koji/__init__.py", line 1729, in \
ssl_login<br> sinfo = self.callMethod('sslLogin', proxyuser)<br> File \
"/usr/lib/python2.6/site-packages/koji/__init__.py", line 1778, in \
callMethod<br> return self._callMethod(name, args, opts)<br> File \
"/usr/lib/python2.6/site-packages/koji/__init__.py", line 1898, in \
_callMethod<br> return self._sendCall(handler, headers, request)<br> File \
"/usr/lib/python2.6/site-packages/koji/__init__.py", line 1809, in \
_sendCall<br> return self._sendOneCall(handler, headers, request)<br> File \
"/usr/lib/python2.6/site-packages/koji/__init__.py", line 1827, in \
_sendOneCall<br> cnx.endheaders()<br> File \
"/usr/lib64/python2.6/httplib.py", line 908, in endheaders<br> \
self._send_output()<br> File "/usr/lib64/python2.6/httplib.py", line 780, \
in _send_output<br> self.send(msg)<br> File \
"/usr/lib64/python2.6/httplib.py", line 759, in send<br> \
self.sock.sendall(str)<br> File \
"/usr/lib/python2.6/site-packages/koji/ssl/SSLConnection.py", line 108, in \
sendall<br> sent = con.send(data, flags)<br>OpenSSL.SSL.Error: [('SSL \
routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify \
failed')]<br><br></div>If I run openssl from the command line, to verify the \
cert, it succeeds:<br><br># openssl verify -CAfile /etc/pki/koji/koji_ca_cert.crt \
/etc/pki/koji/certs/kojira.cer<br><br>/etc/pki/koji/certs/kojira.cer: \
OK<br><br></div>The cert in question is SHA256/RSA4096 (matching the params of the \
certs we've previously used).<br clear="all"><div><div><div><br>-- <br><div \
class="gmail_signature" data-smartmail="gmail_signature"><div \
dir="ltr"><div>Squirrels are the lunatic teenagers of the animal \
kingdom.<br></div></div></div> </div></div></div></div>
[Attachment #6 (text/plain)]
--
buildsys mailing list
buildsys@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/buildsys@lists.fedoraproject.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic