Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 83298

Summary: rhn_check throws SSL.Error
Product: [Retired] Red Hat Linux Reporter: Boris Folgmann <boris>
Component: up2dateAssignee: Adrian Likins <alikins>
Status: CLOSED NOTABUG QA Contact: Fanny Augustin <fmoquete>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.0CC: gafton, mihai.ibanescu, rob
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-08-06 23:03:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Boris Folgmann 2003-02-01 22:04:06 UTC
Description of problem:

rhn_check fails.


Version-Release number of selected component (if applicable):
up2date-3.0.7-1

How reproducible:
everytime

Steps to Reproduce:
1. /usr/sbin/rhn_check -v
2.
3.
    
Actual results:
Traceback (most recent call last):
  File "/usr/sbin/rhn_check", line 237, in ?
    ACTION_VERSION, Status)
  File "/usr/lib/python2.2/xmlrpclib.py", line 821, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib/python2.2/site-packages/rhn/rpclib.py", line 126, in _request
    verbose=self._verbose
  File "/usr/lib/python2.2/site-packages/rhn/transports.py", line 118, in request
    headers, fd = req.send_http(host, handler)
  File "/usr/lib/python2.2/site-packages/rhn/transports.py", line 602, in send_http
    headers=self.headers)
  File "/usr/lib/python2.2/httplib.py", line 537, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib/python2.2/httplib.py", line 553, in _send_request
    self.putrequest(method, url)
  File "/usr/lib/python2.2/httplib.py", line 453, in putrequest
    self.send(str)
  File "/usr/lib/python2.2/httplib.py", line 407, in send
    self.sock.sendall(str)
  File "/usr/lib/python2.2/site-packages/rhn/SSL.py", line 185, in write
    sent = self._connection.send(data)
SSL.Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify
failed')]



Expected results:
install packages

Additional info:
worked weeks ago

Comment 1 Adrian Likins 2003-02-03 21:28:48 UTC
Can you check the clock on the machine in question?

This looks to be the kind of error I've seen on machines
with badly off sync time clocks.

Comment 2 Boris Folgmann 2003-03-03 16:46:44 UTC
The clock is ok. The problem was an overloaded/faulty (?) primary DNS. It
returned always "non existing" for every lookup e.g. nslookup www.zvw.de printed:
Non-authoritative answer:
*** Can't find www.zvw.de: No 

On the next day it worked again. Sadly my ISP could not find any problem with
his DNS. Because the DNS returned "non existing" the local resolver did not try
the secondary server which returned true results according to nslookup.


Comment 3 Rob Boudrie 2003-08-30 03:07:56 UTC
I have the identical problem on my system, but at Red Hat 9.0.  My system clock
is correct and up to date (I reset it using bot the redhat and time-a.nist.gov
time servers, and neither fixed the problem).



Comment 4 Rob Boudrie 2003-08-31 10:34:40 UTC
I have the identical problem on my system, but at Red Hat 9.0.  My system clock
is correct and up to date (I reset it using bot the redhat and time-a.nist.gov
time servers, and neither fixed the problem).

Comment 5 Boris Folgmann 2003-09-01 08:22:41 UTC
Rob, have a look at this, it should help you.

The certificate used by up2date and rhn_register to communicate with the
Red Hat Network reached its end of life on August 28th 2003.  Users
attempting to connect to Red Hat Network will see SSL connection or
certificate verification failures.

New versions of the up2date and rhn_register clients are now available
which are required for continued access to Red Hat Network.

     * RHSA-2003:267 for Red Hat Linux:
       https://rhn.redhat.com/errata/RHSA-2003-267.html

     * RHSA-2003:268 for Red Hat Enterprise Linux:
       https://rhn.redhat.com/errata/RHSA-2003-268.html

New versions of the up2date client that contain the new certificate are
immediately available for download at:

    https://rhn.redhat.com/help/latest-up2date.pxt

For users who would prefer to install the new certificate directly, it is
available at:

    https://rhn.redhat.com/help/ssl_cert.pxt

- -the Red Hat Network Team