[
https://issues.apache.org/jira/browse/BROOKLYN-350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15522867#comment-15522867
]
Yavor Yanchev commented on BROOKLYN-350:
----------------------------------------
Curl output with -L config option applied
{code}
$ curl -L -v
http://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/pgdg-centos94-9.4-2.noarch.rpm
-o pgdg.rpm
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0*
Trying 174.143.35.196...
* Connected to yum.postgresql.org (174.143.35.196) port 80 (#0)
> GET /9.4/redhat/rhel-6-x86_64/pgdg-centos94-9.4-2.noarch.rpm HTTP/1.1
> Host: yum.postgresql.org
> User-Agent: curl/7.47.1
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Location:
https://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/pgdg-centos94-9.4-2.noarch.rpm
< Content-Length: 0
< Date: Mon, 26 Sep 2016 12:09:26 GMT
< Server: lighttpd/1.4.35
<
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Connection #0 to host yum.postgresql.org left intact
* Issue another request to this URL:
'https://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/pgdg-centos94-9.4-2.noarch.rpm'
* Found bundle for host yum.postgresql.org: 0x55f167268520 [can pipeline]
* Trying 174.143.35.196...
* Connected to yum.postgresql.org (174.143.35.196) port 443 (#1)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* ALPN/NPN, server did not agree to a protocol
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* subject: CN=yum.postgresql.org
* start date: Sep 24 06:52:00 2016 GMT
* expire date: Dec 23 06:52:00 2016 GMT
* common name: yum.postgresql.org
* issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0>
GET /9.4/redhat/rhel-6-x86_64/pgdg-centos94-9.4-2.noarch.rpm HTTP/1.1
> Host: yum.postgresql.org
> User-Agent: curl/7.47.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: application/x-redhat-package-manager
< Accept-Ranges: bytes
< ETag: "549014231"
< Last-Modified: Wed, 21 Oct 2015 08:52:11 GMT
< Content-Length: 5416
< Date: Mon, 26 Sep 2016 12:09:27 GMT
< Server: lighttpd/1.4.35
<
{ [5416 bytes data]
100 5416 100 5416 0 0 3206 0 0:00:01 0:00:01 --:--:-- 33639
* Connection #1 to host yum.postgresql.org left intact
{code}
> Upstream yum repos for PostgresSQL started to enforce HTTPS
> -----------------------------------------------------------
>
> Key: BROOKLYN-350
> URL: https://issues.apache.org/jira/browse/BROOKLYN-350
> Project: Brooklyn
> Issue Type: Dependency upgrade
> Reporter: Yavor Yanchev
>
> The upstream YUM repos [1] provided by the PostgreSQL project started to
> enforce HTTPS.
> The PostgreSqlSshDriver uses curl to download RPMs from the upstream repo
> URL, but fails because it is redirected to the HTTPS location using a
> standard 301 header and curl is not instructed to follow the redirects.
> Example curl output
> {code}
> < HTTP/1.1 301 Moved Permanently
> < Location:
> https://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/pgdg-centos94-9.4-2.noarch.rpm
> {code}
> If curl is instructed to follow the redirects with -L (--location) option the
> download will be successful
> [1] http://yum.postgresql.org
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
