Using yum to access Certificate-based CDN content via HTTP proxy encountering 'M2Crypto.SSL.SSLError: unexpected eof' on RHEL5 and '[Errno 14] problem making ssl connection' on RHEL6
Issue
- Systems register fine to certificate-based RHN via the HTTP proxy
- However encountering SSL errors when getting content with yum via the HTTP proxy
- Error on RHEL5 system:
root@rhel5:~# yum check-update
Loaded plugins: downloadonly, katello, product-id, subscription-manager
Updating certificate-based repositories.
Traceback (most recent call last):
File "/usr/bin/yum", line 29, in ?
yummain.user_main(sys.argv[1:], exit_code=True)
File "/usr/share/yum-cli/yummain.py", line 309, in user_main
errcode = main(args)
File "/usr/share/yum-cli/yummain.py", line 178, in main
result, resultmsgs = base.doCommands()
File "/usr/share/yum-cli/cli.py", line 345, in doCommands
self._getTs(needTsRemove)
File "/usr/lib/python2.4/site-packages/yum/depsolve.py", line 101, in _getTs
self._getTsInfo(remove_only)
File "/usr/lib/python2.4/site-packages/yum/depsolve.py", line 112, in _getTsInfo
pkgSack = self.pkgSack
File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 662, in <lambda>
pkgSack = property(fget=lambda self: self._getSacks(),
File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 502, in _getSacks
self.repos.populateSack(which=repos)
File "/usr/lib/python2.4/site-packages/yum/repos.py", line 260, in populateSack
sack.populate(repo, mdtype, callback, cacheonly)
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 168, in populate
if self._check_db_version(repo, mydbtype):
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 226, in _check_db_version
return repo._check_db_version(mdtype)
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1226, in _check_db_version
repoXML = self.repoXML
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1399, in <lambda>
repoXML = property(fget=lambda self: self._getRepoXML(),
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1391, in _getRepoXML
self._loadRepoXML(text=self)
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1381, in _loadRepoXML
return self._groupLoadRepoXML(text, ["primary"])
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1365, in _groupLoadRepoXML
if self._commonLoadRepoXML(text):
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1201, in _commonLoadRepoXML
result = self._getFileRepoXML(local, text)
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 974, in _getFileRepoXML
cache=self.http_caching == 'all')
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 811, in _getFile
http_headers=headers,
File "/usr/lib/python2.4/site-packages/urlgrabber/mirror.py", line 412, in urlgrab
return self._mirror_try(func, url, kw)
File "/usr/lib/python2.4/site-packages/urlgrabber/mirror.py", line 398, in _mirror_try
return func_ref( *(fullurl,), **kwargs )
File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 936, in urlgrab
return self._retry(opts, retryfunc, url, filename)
File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 854, in _retry
r = apply(func, (opts,) + args, {})
File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 922, in retryfunc
fo = URLGrabberFileObject(url, filename, opts)
File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 1010, in __init__
self._do_open()
File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 1093, in _do_open
fo, hdr = self._make_request(req, opener)
File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 1202, in _make_request
fo = opener.open(req)
File "/usr/lib64/python2.4/urllib2.py", line 358, in open
response = self._open(req, data)
File "/usr/lib64/python2.4/urllib2.py", line 376, in _open
'_open', req)
File "/usr/lib64/python2.4/urllib2.py", line 337, in _call_chain
result = func(*args)
File "/usr/lib64/python2.4/site-packages/M2Crypto/m2urllib2.py", line 82, in https_open
h.request(req.get_method(), req.get_selector(), req.data, headers)
File "/usr/lib64/python2.4/httplib.py", line 810, in request
self._send_request(method, url, body, headers)
File "/usr/lib64/python2.4/httplib.py", line 833, in _send_request
self.endheaders()
File "/usr/lib64/python2.4/site-packages/M2Crypto/httpslib.py", line 149, in endheaders
HTTPSConnection.endheaders(self)
File "/usr/lib64/python2.4/httplib.py", line 804, in endheaders
self._send_output()
File "/usr/lib64/python2.4/httplib.py", line 685, in _send_output
self.send(msg)
File "/usr/lib64/python2.4/httplib.py", line 652, in send
self.connect()
File "/usr/lib64/python2.4/site-packages/M2Crypto/httpslib.py", line 165, in connect
self._start_ssl()
File "/usr/lib64/python2.4/site-packages/M2Crypto/httpslib.py", line 183, in _start_ssl
self.sock.connect_ssl()
File "/usr/lib64/python2.4/site-packages/M2Crypto/SSL/Connection.py", line 167, in connect_ssl
return m2.ssl_connect(self.ssl, self._timeout)
M2Crypto.SSL.SSLError: unexpected eof
- Error on RHEL6 system:
root@rhel6:~# yum list
Loaded plugins: downloadonly, product-id, subscription-manager
Updating certificate-based repositories.
rhel-6-server-rpms | 3.7 kB 00:00
https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/os/repodata/4191f49633d7d23b6703b7473ef3a8df8dbfc42b-primary.sqlite.bz2: [Errno 14] problem making ssl connection
Trying other mirror.
https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/os/repodata/4191f49633d7d23b6703b7473ef3a8df8dbfc42b-primary.sqlite.bz2: [Errno 14] problem making ssl connection
Trying other mirror.
Error: failure: repodata/4191f49633d7d23b6703b7473ef3a8df8dbfc42b-primary.sqlite.bz2 from rhel-6-server-rpms: [Errno 256] No more mirrors to try.
- Accessing the RHN Classic CDN works fine via the HTTP proxy however, fails without proxy.
- The problem occurs even from the proxy itself - it can't access content on the certificate based CDN and encounters the same problem.
Environment
- Red Hat Enterprise Linux 5
- Red Hat Enterprise Linux 6
- Certificate-based CDN
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.