RHUI CDS クライアントがアップデートに失敗し、M2Crypto.SSL.SSLError: tlsv1 alert decrypt error が発生する
Issue
RHUA インフラストラクチャー上で SSL 証明書を再構築し、RHEL 5 および RHEL 6 のアップデート用にクライアントの RPM を再構築する必要があります。"yum update" でアップデートをインストールしようとすると、以下のエラーが発生します。
Red Hat 5 クライアント:
[root@localhost ~]# yum update
Loaded plugins: rhui-lb, security
Traceback (most recent call last):
File "/usr/bin/yum", line 29, in ?
yummain.user_main(sys.argv[1:], exit_code=True)
File "/usr/share/yum-cli/yummain.py", line 309, in user_main
errcode = main(args)
File "/usr/share/yum-cli/yummain.py", line 178, in main
result, resultmsgs = base.doCommands()
File "/usr/share/yum-cli/cli.py", line 345, in doCommands
self._getTs(needTsRemove)
File "/usr/lib/python2.4/site-packages/yum/depsolve.py", line 101, in _getTs
self._getTsInfo(remove_only)
File "/usr/lib/python2.4/site-packages/yum/depsolve.py", line 112, in _getTsInfo
pkgSack = self.pkgSack
File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 662, in <lambda>
pkgSack = property(fget=lambda self: self._getSacks(),
File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 502, in _getSacks
self.repos.populateSack(which=repos)
File "/usr/lib/python2.4/site-packages/yum/repos.py", line 260, in populateSack
sack.populate(repo, mdtype, callback, cacheonly)
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 168, in populate
if self._check_db_version(repo, mydbtype):
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 226, in _check_db_version
return repo._check_db_version(mdtype)
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1226, in _check_db_version
repoXML = self.repoXML
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1399, in <lambda>
repoXML = property(fget=lambda self: self._getRepoXML(),
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1391, in _getRepoXML
self._loadRepoXML(text=self)
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1381, in _loadRepoXML
return self._groupLoadRepoXML(text, ["primary"])
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1365, in _groupLoadRepoXML
if self._commonLoadRepoXML(text):
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1201, in _commonLoadRepoXML
result = self._getFileRepoXML(local, text)
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 974, in _getFileRepoXML
cache=self.http_caching == 'all')
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 811, in _getFile
http_headers=headers,
File "/usr/lib/python2.4/site-packages/urlgrabber/mirror.py", line 412, in urlgrab
return self._mirror_try(func, url, kw)
File "/usr/lib/python2.4/site-packages/urlgrabber/mirror.py", line 398, in _mirror_try
return func_ref( *(fullurl,), **kwargs )
File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 936, in urlgrab
return self._retry(opts, retryfunc, url, filename)
File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 854, in _retry
r = apply(func, (opts,) + args, {})
File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 922, in retryfunc
fo = URLGrabberFileObject(url, filename, opts)
File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 1010, in __init__
self._do_open()
File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 1093, in _do_open
fo, hdr = self._make_request(req, opener)
File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 1202, in _make_request
fo = opener.open(req)
File "/usr/lib/python2.4/urllib2.py", line 358, in open
response = self._open(req, data)
File "/usr/lib/python2.4/urllib2.py", line 376, in _open
'_open', req)
File "/usr/lib/python2.4/urllib2.py", line 337, in _call_chain
result = func(*args)
File "/usr/lib/python2.4/site-packages/M2Crypto/m2urllib2.py", line 83, in https_open
r = h.getresponse()
File "/usr/lib/python2.4/httplib.py", line 872, in getresponse
response.begin()
File "/usr/lib/python2.4/httplib.py", line 336, in begin
version, status, reason = self._read_status()
File "/usr/lib/python2.4/httplib.py", line 294, in _read_status
line = self.fp.readline()
File "/usr/lib/python2.4/socket.py", line 325, in readline
data = recv(1)
File "/usr/lib/python2.4/site-packages/M2Crypto/SSL/Connection.py", line 217, in read
return self._read_bio(size)
File "/usr/lib/python2.4/site-packages/M2Crypto/SSL/Connection.py", line 202, in _read_bio
return m2.ssl_read(self.ssl, size, self._timeout)
M2Crypto.SSL.SSLError: tlsv1 alert decrypt error
Red Hat 6 クライアント:
[root@localhost product]# yum update
Loaded plugins: rhui-lb
https://rhua.cloud.com/pulp/repos///content/dist/rhel/rhui/server/6/6Server/i386/optional/os/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 503"
Trying other mirror.
https://rhua.cloud.com/pulp/repos///content/dist/rhel/rhui/server/6/6Server/i386/optional/os/repodata/repomd.xml: [Errno 14] PYCURL ERROR 56 - "SSL read: errno -12192"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: rhui-rhel-6-server-rhui-optional-rpms. Please verify its path and try again
また、CDS サーバーの Web サーバーログには以下のエラーも記録されています:
[Thu Dec 12 15:36:04 2013] [error] [client 10.0.0.0] Certificate Verification: Error (7): certificate signature failure
[Thu Dec 12 15:36:04 2013] [error] [client 10.0.0.0] Re-negotiation handshake failed: Not accepted by client!?
[Thu Dec 12 15:36:16 2013] [error] [client 10.0.0.0] Certificate Verification: Error (7): certificate signature failure
[Thu Dec 12 15:36:16 2013] [error] [client 10.0.0.0] Re-negotiation handshake failed: Not accepted by client!?
[Thu Dec 12 15:43:46 2013] [error] [client 10.0.0.0] Certificate Verification: Error (7): certificate signature failure
[Thu Dec 12 15:43:46 2013] [error] [client 10.0.0.0] Re-negotiation handshake failed: Not accepted by client!?
何が問題ですか?
Environment
- Red Hat Update Infrastructure 2.1
