RHUI CDS Clients failing to update and receiving an error M2Crypto.SSL.SSLError: tlsv1 alert decrypt error
Issue
I had to rebuild the SSL certs for our RHUA infrastructure as well as rebuild the client RPMs for Rhel5 and Rhel6 updates, now when I try to install updates via "yum update" I receive the following errors:
Redhat 5 client :
[root@localhost ~]# yum update
Loaded plugins: rhui-lb, security
Traceback (most recent call last):
File "/usr/bin/yum", line 29, in ?
yummain.user_main(sys.argv[1:], exit_code=True)
File "/usr/share/yum-cli/yummain.py", line 309, in user_main
errcode = main(args)
File "/usr/share/yum-cli/yummain.py", line 178, in main
result, resultmsgs = base.doCommands()
File "/usr/share/yum-cli/cli.py", line 345, in doCommands
self._getTs(needTsRemove)
File "/usr/lib/python2.4/site-packages/yum/depsolve.py", line 101, in _getTs
self._getTsInfo(remove_only)
File "/usr/lib/python2.4/site-packages/yum/depsolve.py", line 112, in _getTsInfo
pkgSack = self.pkgSack
File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 662, in <lambda>
pkgSack = property(fget=lambda self: self._getSacks(),
File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 502, in _getSacks
self.repos.populateSack(which=repos)
File "/usr/lib/python2.4/site-packages/yum/repos.py", line 260, in populateSack
sack.populate(repo, mdtype, callback, cacheonly)
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 168, in populate
if self._check_db_version(repo, mydbtype):
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 226, in _check_db_version
return repo._check_db_version(mdtype)
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1226, in _check_db_version
repoXML = self.repoXML
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1399, in <lambda>
repoXML = property(fget=lambda self: self._getRepoXML(),
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1391, in _getRepoXML
self._loadRepoXML(text=self)
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1381, in _loadRepoXML
return self._groupLoadRepoXML(text, ["primary"])
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1365, in _groupLoadRepoXML
if self._commonLoadRepoXML(text):
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1201, in _commonLoadRepoXML
result = self._getFileRepoXML(local, text)
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 974, in _getFileRepoXML
cache=self.http_caching == 'all')
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 811, in _getFile
http_headers=headers,
File "/usr/lib/python2.4/site-packages/urlgrabber/mirror.py", line 412, in urlgrab
return self._mirror_try(func, url, kw)
File "/usr/lib/python2.4/site-packages/urlgrabber/mirror.py", line 398, in _mirror_try
return func_ref( *(fullurl,), **kwargs )
File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 936, in urlgrab
return self._retry(opts, retryfunc, url, filename)
File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 854, in _retry
r = apply(func, (opts,) + args, {})
File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 922, in retryfunc
fo = URLGrabberFileObject(url, filename, opts)
File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 1010, in __init__
self._do_open()
File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 1093, in _do_open
fo, hdr = self._make_request(req, opener)
File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 1202, in _make_request
fo = opener.open(req)
File "/usr/lib/python2.4/urllib2.py", line 358, in open
response = self._open(req, data)
File "/usr/lib/python2.4/urllib2.py", line 376, in _open
'_open', req)
File "/usr/lib/python2.4/urllib2.py", line 337, in _call_chain
result = func(*args)
File "/usr/lib/python2.4/site-packages/M2Crypto/m2urllib2.py", line 83, in https_open
r = h.getresponse()
File "/usr/lib/python2.4/httplib.py", line 872, in getresponse
response.begin()
File "/usr/lib/python2.4/httplib.py", line 336, in begin
version, status, reason = self._read_status()
File "/usr/lib/python2.4/httplib.py", line 294, in _read_status
line = self.fp.readline()
File "/usr/lib/python2.4/socket.py", line 325, in readline
data = recv(1)
File "/usr/lib/python2.4/site-packages/M2Crypto/SSL/Connection.py", line 217, in read
return self._read_bio(size)
File "/usr/lib/python2.4/site-packages/M2Crypto/SSL/Connection.py", line 202, in _read_bio
return m2.ssl_read(self.ssl, size, self._timeout)
M2Crypto.SSL.SSLError: tlsv1 alert decrypt error
Redhat 6 client :
[root@localhost product]# yum update
Loaded plugins: rhui-lb
https://rhua.cloud.com/pulp/repos///content/dist/rhel/rhui/server/6/6Server/i386/optional/os/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 503"
Trying other mirror.
https://rhua.cloud.com/pulp/repos///content/dist/rhel/rhui/server/6/6Server/i386/optional/os/repodata/repomd.xml: [Errno 14] PYCURL ERROR 56 - "SSL read: errno -12192"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: rhui-rhel-6-server-rhui-optional-rpms. Please verify its path and try again
I also see the following in the web server logs on the CDS servers :
[Thu Dec 12 15:36:04 2013] [error] [client 10.0.0.0] Certificate Verification: Error (7): certificate signature failure
[Thu Dec 12 15:36:04 2013] [error] [client 10.0.0.0] Re-negotiation handshake failed: Not accepted by client!?
[Thu Dec 12 15:36:16 2013] [error] [client 10.0.0.0] Certificate Verification: Error (7): certificate signature failure
[Thu Dec 12 15:36:16 2013] [error] [client 10.0.0.0] Re-negotiation handshake failed: Not accepted by client!?
[Thu Dec 12 15:43:46 2013] [error] [client 10.0.0.0] Certificate Verification: Error (7): certificate signature failure
[Thu Dec 12 15:43:46 2013] [error] [client 10.0.0.0] Re-negotiation handshake failed: Not accepted by client!?
Any ideas?
Environment
- Red Hat Update Infrastructure 2.1
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.