On Sex, 2015-01-30 at 18:29 +0000, Allen Hewes wrote: > > > > el7 have md5 disable and if you have your ssl certificates with > > 'default_md=md5' parameter, you must recreate your pki with this > > parameter to > > sha1 or better sha256 in your ssl.cnf > > (http://fedoraproject.org/wiki/Koji/ServerHowTo). > > > > to be sure that's the problem: > > OPENSSL_ENABLE_MD5_VERIFY=1 koji regen-repo el5-decisiv > > > > if this command run successfully, you know what to do ... > > Hi Didier, > > Yep, I knew this. I remembered the e-mail on the list. Also, I didn't > move/use any of my current Koji configuration files from my running instance. > I made a new Koji instance from scratch. I made sure to use the SHA256 > crypto. It's also the crypto specified the example ssl.cnf on the Fedora > documentation link you sent. > > Also, koji commands work. It's just the polling watching function doesn't > unless I rescue the OpenSSL.SSL.SysCallError: (-1, 'Unexpected EOF'). From > what I can find out, this is a NO-OP situation that isn't currently handled > in Koji's code. The koji client *is* authenticating via SSL but then the > polling (watching the task/request) doesn't work. > > I see the same "Unexpected EOF" (unless I rescue it) in /var/log/kojid.log: > 2015-01-29 03:12:50,257 [INFO] koji: Try #1 for call 362 (listBuildroots) > failed: (-1, 'Unexpected EOF') > > I will double check the SSL certs but I am confident that I would get a > different error message.
yeap koji server now needs to be build in a sha256 certs and I'm getting same problem on Fedora 21 with all updates-testing available for this area your patch mention in first message of this thread works great and I could bootstrap one koji server ( with self signed certificates ) it also looks like this bug https://bugzilla.redhat.com/show_bug.cgi?id=1186994 Thanks, -- Sérgio M. B. -- buildsys mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/buildsys
