[MDEV-9435] yum.mariadb.org intermittent ssl certificate ca bundle problem Created: 2016-01-20  Updated: 2016-01-25  Resolved: 2016-01-25

Status: Closed
Project: MariaDB Server
Component/s: Packaging
Affects Version/s: N/A
Fix Version/s: N/A

Type: Bug Priority: Major
Reporter: MG Assignee: Daniel Bartholomew
Resolution: Fixed Votes: 0
Labels: None
Environment:

yum


 Description   

While I am not sure this is the best place to report this, It seems that I do not get a valid connection to https://yum.mariadb.org reliably:

 
 
 
 
# date; curl https://yum.mariadb.org/RPM-GPG-KEY-MariaDB 2>&1 | head -c500; echo
 
Tue Jan 19 23:01:45 UTC 2016
 
 
 
curl: (60) Peer certificate cannot be authenticated with known CA certificates
 
More details here: http://curl.haxx.se/docs/sslcerts.html
 
 
 
curl performs SSL certificate verification by default, using a "bundle"
 
 of Certificate Authority (CA) public keys (CA certs). If the default
 
 bundle file isn't adequate, you can specify an alternate file
 
 using the --cacert option.
 
If this HTTPS server uses a certificate signed by a CA represented in
 
 the bundle, the certificate verification probably failed
 
# date; curl https://yum.mariadb.org/RPM-GPG-KEY-MariaDB 2>&1 | head -c500; echo
 
Tue Jan 19 23:01:47 UTC 2016
 
 
 
curl: (60) Peer certificate cannot be authenticated with known CA certificates
 
More details here: http://curl.haxx.se/docs/sslcerts.html
 
 
 
curl performs SSL certificate verification by default, using a "bundle"
 
 of Certificate Authority (CA) public keys (CA certs). If the default
 
 bundle file isn't adequate, you can specify an alternate file
 
 using the --cacert option.
 
If this HTTPS server uses a certificate signed by a CA represented in
 
 the bundle, the certificate verification probably failed
 
# date; curl https://yum.mariadb.org/RPM-GPG-KEY-MariaDB 2>&1 | head -c500; echo
 
Tue Jan 19 23:01:51 UTC 2016
 
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
 
                                 Dload  Upload   Total   Spent    Left  Speed
 
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0-----BEGIN PGP PUBLIC KEY BLOCK-----
 
Version: GnuPG v1.4.14 (GNU/Linux)
 
 
 
mQGiBEtohJARBACxvZpWSIMTp/e7BUzSW+WDL7Pl0JDg6v7ZJFGJk9qo+5JXIiis
 
497Ul0FmVJ6EoyVzfpqe5FyUvqtLCkM6UP5adyvXTHi1KMiYacu2q5yRhDpMKbpM
 
LkAg23Yyz1yK/d0TsAkerLJ6K1Bh8NIm44Op+qFrDxeYZDIR5Q8WaCdK8wCg
 
# date; curl https://yum.mariadb.org/RPM-GPG-KEY-MariaDB 2>&1 | head -c500; echo
 
Tue Jan 19 23:01:55 UTC 2016
 
 
 
curl: (60) Peer certificate cannot be authenticated with known CA certificates
 
More details here: http://curl.haxx.se/docs/sslcerts.html
 
 
 
curl performs SSL certificate verification by default, using a "bundle"
 
 of Certificate Authority (CA) public keys (CA certs). If the default
 
 bundle file isn't adequate, you can specify an alternate file
 
 using the --cacert option.
 
If this HTTPS server uses a certificate signed by a CA represented in
 
 the bundle, the certificate verification probably failed



 Comments   
Comment by Daniel Bartholomew [ 2016-01-20 ]

There was a configuration issue with the CA bundle not being sent. I've fixed it and curl is now succeeding for me.

mg: Can you confirm if the issue is fixed on your end?

Thanks.

Comment by MG [ 2016-01-21 ]

dbart,

This looks to be fixed from my end, thanks!
~mg

Comment by Daniel Bartholomew [ 2016-01-25 ]

fixed, so closing

Generated at Thu Feb 08 07:34:39 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.