error "Unable to verfify server identity (SSL) malloc failure

Latest response

v8.1 beta after installation unable to complete subscription registration error. Hence cannot use the OS, please help.

Responses

Hi Samir Shaik,

Can you give us some details on the specific error you received?

I am curious if you are using FIPS by chance?

Regards,

RJ

Looks like same symptom as per the link.

root@rhel#sysctl crypto.fips_enabled

crypto.fips_enabled = 1

File "/usr/lib64/python3.6/http/client.py", line 974, in send self.connect() File "/usr/lib64/python3.6/http/client.py", line 1415, in connect server_hostname=server_hostname) File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket _context=self, _session=session) File "/usr/lib64/python3.6/ssl.py", line 773, in init self.do_handshake() File "/usr/lib64/python3.6/ssl.py", line 1033, in do_handshake self._sslobj.do_handshake() File "/usr/lib64/python3.6/ssl.py", line 645, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL] malloc failure (_ssl.c:877) 2019-08-13 23:38:13,865 [ERROR] subscription-manager:9866:MainThread @managercli.py:215 - Error during registra tion: [SSL] malloc failure (_ssl.c:877) 2019-08-13 23:38:13,866 [ERROR] subscription-manager:9866:MainThread @managercli.py:216 - [SSL] malloc failure (_ssl.c:877) [root@rhel8 ~]#

Please let us know the output of this command, please run this as root:

sysctl crypto.fips_enabled

root@rhel#sysctl crypto.fips_enabled crypto.fips_enabled = 1

Please make sure time synchronization is correct according to this. I doubt this is an issue but am posting it here just in case..

If none of this helps, please post the precise error (Maybe that's the error in the subject line of this discussion you started?).

Please let us know how this goes

Regards

RJ

is this a bug in this version? any ETA for a fix.

Hi Samir Shaik, I suspect the bug is the one I discovered and mentioned in a previous post. I'm curious if your system might be affected by this bug, I'd imagine so. I do not work for Red Hat, so I don't know the ETA. That being said, the Bugzilla is listed as "urgent"

Please run these commands on your system, and see if they resemble/match the output at this Bugzilla https://bugzilla.redhat.com/show_bug.cgi?id=1728361

rpm -q subscription-manager openssl crypto-policies kernel
update-crypto-policies --show
cat /etc/crypto-policies/back-ends/openssl.config 
cat /etc/crypto-policies/back-ends/opensslcnf.config
cat /etc/crypto-policies/back-ends/nss.config 
getenforce
rpm -q platform-python

Does this log /var/log/rhsm/rhsm.log contain any similar output to this bug https://bugzilla.redhat.com/show_bug.cgi?id=1728361?

Something you can do is at grub, change "fips=1" to "fips=0" for a one-time boot then attempt to register your system as you normally would. Then reboot afterwards to enter FIPS mode.

Let us know

Regards

RJ

Samir Shaik,

If you post any output etc, please put it between two instances of tilde characters such as below.

~~~

your code goes here

~~~

More info on formatting at this link

Thanks

RJ

I experienced the same problem with both 8.0 and 8.1 beta. I was installing the Workstation option and I managed to overcome this problem when installing additional packages from the ISO installer. I chose to install basically everything under the Workstation option except for servers and support for secure cards. After that I could complete the registration without this problem. You may want to try this approach before some fix is applied.