Project

Profile

Help

Actions
Send by e-mail Copy link

Issue #476

closed

pulp does not run on Fedora 21 beta

Added by rbarlow about 9 years ago. Updated about 5 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
High
Assignee:
cduryee
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Master
Platform Release:
2.6.0
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

The Pulp bindings explicitly configure an m2crypto SSL Context() object with 'sslv3'. My theory is that this is conflicting with Fedora 21+'s new crypto policies[0], which disallow certain cryptography operations by default. I've not dug into the problems deeply enought to be sure of this, but I do know that this context is causing this traceback in Fedora rawhide:

2014-07-24 15:51:35,871 - ERROR - Client-side exception occurred
Traceback (most recent call last):
File "/home/rbarlow/devel/pulp/pulp/client_lib/pulp/client/extensions/core.py", line 478, in run
exit_code = Cli.run(self, args)
File "/usr/lib/python2.7/site-packages/okaara/cli.py", line 974, in run
exit_code = command_or_section.execute(self.prompt, remaining_args)
File "/home/rbarlow/devel/pulp/pulp/client_lib/pulp/client/extensions/extensions.py", line 224, in execute
return self.method(arg_list, **clean_kwargs)
File "/home/rbarlow/devel/pulp/pulp/client_lib/pulp/client/commands/repo/cudl.py", line 342, in run
self.display_repositories(*kwargs)
File "/home/rbarlow/devel/pulp/pulp/client_lib/pulp/client/commands/repo/cudl.py", line 370, in display_repositories
repo_list = self.get_repositories(query_params, **kwargs)
File "/home/rbarlow/devel/pulp/pulp_rpm/extensions_admin/pulp_rpm/extensions/admin/repo_list.py", line 24, in get_repositories
all_repos = self._all_repos(query_params, **kwargs)
File "/home/rbarlow/devel/pulp/pulp_rpm/extensions_admin/pulp_rpm/extensions/admin/repo_list.py", line 66, in _all_repos
self.all_repos_cache = self.context.server.repo.repositories(query_params).response_body
File "/home/rbarlow/devel/pulp/pulp/bindings/pulp/bindings/repository.py", line 34, in repositories
return self.server.GET (path, query_parameters)
File "/home/rbarlow/devel/pulp/pulp/bindings/pulp/bindings/server.py", line 85, in GET
return self._request('GET', path, queries)
File "/home/rbarlow/devel/pulp/pulp/bindings/pulp/bindings/server.py", line 135, in _request
response_code, response_body = self.server_wrapper.request(method, url, body)
File "/home/rbarlow/devel/pulp/pulp/bindings/pulp/bindings/server.py", line 285, in request
connection.request(method, url, body=body, headers=headers)
File "/usr/lib64/python2.7/httplib.py", line 995, in request
self._send_request(method, url, body, headers)
File "/usr/lib64/python2.7/httplib.py", line 1029, in _send_request
self.endheaders(body)
File "/usr/lib64/python2.7/httplib.py", line 991, in endheaders
self._send_output(message_body)
File "/usr/lib64/python2.7/httplib.py", line 844, in _send_output
self.send(msg)
File "/usr/lib64/python2.7/httplib.py", line 806, in send
self.connect()
File "/usr/lib64/python2.7/site-packages/M2Crypto/httpslib.py", line 58, in connect
sock.connect((self.host, self.port))
File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 185, in connect
ret = self.connect_ssl()
File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 178, in connect_ssl
return m2.ssl_connect(self.ssl, self._timeout)
SSLError: sslv3 alert handshake failure

For connections that don't use a context at all, m2crypto is able to connect to the Pulp server correctly. I've also been able to eliminate the server by ensuring that curl and wget are able to accept the Pulp API without issue.

[0] http://fedoraproject.org/wiki/Changes/CryptoPolicy

+ This bug was cloned from Bugzilla Bug #1123515 +

Actions
Send by e-mail Copy link

Also available in: Atom PDF