rhn_register fails with "OpenSSL.SSL.Error: []" error

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux (RHEL)
  • RHN Classic
  • Red Hat Satellite 5
  • Red Hat Network Satellite 5
  • Red Hat Network Proxy 5

Issue

  • rhn_register command fails with "OpenSSL.SSL.Error: []" error.

Resolution

Make sure that the certificate used in /etc/sysconfig/rhn/up2date is the correct one for your source :

If using RHN

The certificate should be the one provided by rhn-client-tools :

# rpm -V rhn-client-tools

should not display that the file /usr/share/rhn/RHNS-CA-CERT has been altered - the command will only output files altered. see man rpm for more details on how to read the output.

Make sure that your /etc/sysconfig/rhn/up2date file uses the two following values if connecting to RHN :

ServerURL=https://xmlrpc.rhn.redhat.com/XMLRPC
sslCACert=/usr/share/rhn/RHNS-CA-CERT

If you need to go through a proxy configure the proxy settings as well, also located in the same file.

If using a satellite or rhn proxy :

The certificate you need to use is located on your satellite or rhn proxy at the following url :

# SAT=satellite.example.com
# wget http://$SAT/pub/RHN-ORG-TRUSTED-SSL-CERT -O /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

Replace satellite.example.com with the fqdn associated with your satellite or proxy. After downloading the certificate edit the /etc/sysconfig/rhn/up2date to use following values :

ServerURL=https://satellite.example.com/XMLRPC
sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

Replace the satellite.example.com part with the correct fqdn for your rhn proxy/satellite

Root Cause

An error prevents the system from reading the certificate specified in /etc/sysconfig/rhn/up2date or as sslCACert parameter of rhnreg_ks.

Diagnostic Steps

  • in the /var/log/up2date of the affected system :

    # cat up2date
 rhn_register
Traceback (most recent call last):
  File "/usr/share/rhn/up2date_client/rhnregGui.py", line 1705, in callAndFilter                                            Exceptions
    return function()
  File "/usr/share/rhn/up2date_client/rhnregGui.py", line 331, in _chooseServerP                                            ageApply
    rhnreg.privacyText()
  File "/usr/share/rhn/up2date_client/rhnreg.py", line 319, in privacyText
    return s.registration.privacy_statement()
  File "/usr/share/rhn/up2date_client/rhnserver.py", line 50, in __call__
    return rpcServer.doCall(method, *args, **kwargs)
  File "/usr/share/rhn/up2date_client/rpcServer.py", line 194, in doCall
    ret = method(*args, **kwargs)
  File "/usr/lib64/python2.4/xmlrpclib.py", line 1096, in __call__
    return self.__send(self.__name, args)
  File "/usr/share/rhn/up2date_client/rpcServer.py", line 38, in _request1
    ret = self._request(methodname, params)
  File "/usr/lib/python2.4/site-packages/rhn/rpclib.py", line 319, in _request
    request, verbose=self._verbose)
  File "/usr/lib/python2.4/site-packages/rhn/transports.py", line 171, in reques                                            t
    headers, fd = req.send_http(host, handler)
  File "/usr/lib/python2.4/site-packages/rhn/transports.py", line 698, in send_h                                            ttp
    self._connection.connect()
  File "/usr/lib/python2.4/site-packages/rhn/connections.py", line 195, in conne                                            ct
    self.sock.init_ssl()
  File "/usr/lib/python2.4/site-packages/rhn/SSL.py", line 76, in init_ssl
    self._ctx.load_verify_locations(f)
OpenSSL.SSL.Error: []

rhn_register
Traceback (most recent call last):
  File "/usr/share/rhn/up2date_client/rhnregGui.py", line 1705, in callAndFilter                                            Exceptions
    return function()
  File "/usr/share/rhn/up2date_client/rhnregGui.py", line 331, in _chooseServerP                                            ageApply
    rhnreg.privacyText()
  File "/usr/share/rhn/up2date_client/rhnreg.py", line 319, in privacyText
    return s.registration.privacy_statement()
  File "/usr/share/rhn/up2date_client/rhnserver.py", line 50, in __call__
    return rpcServer.doCall(method, *args, **kwargs)
  File "/usr/share/rhn/up2date_client/rpcServer.py", line 194, in doCall
    ret = method(*args, **kwargs)
  File "/usr/lib64/python2.4/xmlrpclib.py", line 1096, in __call__
    return self.__send(self.__name, args)
  File "/usr/share/rhn/up2date_client/rpcServer.py", line 38, in _request1
    ret = self._request(methodname, params)
  File "/usr/lib/python2.4/site-packages/rhn/rpclib.py", line 319, in _request
    request, verbose=self._verbose)
  File "/usr/lib/python2.4/site-packages/rhn/transports.py", line 171, in reques                                            t
    headers, fd = req.send_http(host, handler)
  File "/usr/lib/python2.4/site-packages/rhn/transports.py", line 698, in send_h                                            ttp
    self._connection.connect()
  File "/usr/lib/python2.4/site-packages/rhn/connections.py", line 195, in conne                                            ct
    self.sock.init_ssl()
  File "/usr/lib/python2.4/site-packages/rhn/SSL.py", line 76, in init_ssl
    self._ctx.load_verify_locations(f)
OpenSSL.SSL.Error: []

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments