Re: Not a bug (was: Re: Can't log into Koji)
On Sat, Jan 18, 2020 at 5:09 AM Richard W.M. Jones wrote: > > On Sat, Jan 18, 2020 at 12:02:08PM +, Richard W.M. Jones wrote: > > > > $ KRB5_TRACE=/dev/stderr koji -d hello > > 2020-01-18 12:00:47,323 [DEBUG] koji: Opening new requests session > > 2020-01-18 12:00:47,323 [DEBUG] koji: Opening new requests session > > 2020-01-18 12:00:47,619 [DEBUG] koji: Opening new requests session > > 2020-01-18 12:00:47,619 [DEBUG] koji: gssapi auth failed: > > requests.exceptions.SSLError: > > HTTPSConnectionPool(host='koji.fedoraproject.org', port=443): Max retries > > exceeded with url: /kojihub/ssllogin (Caused by > > SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] > > certificate verify failed: unable to get local issuer certificate > > (_ssl.c:1108)'))) > > > > Traceback (most recent call last): > > File "/usr/bin/koji", line 336, in > > rv = locals()[command].__call__(options, session, args) > > File "/usr/lib/python3.8/site-packages/koji_cli/commands.py", line 7372, > > in handle_moshimoshi > > activate_session(session, options) > > File "/usr/lib/python3.8/site-packages/koji_cli/lib.py", line 571, in > > activate_session > > session.krb_login(proxyuser=runas) > > File "/usr/lib/python3.8/site-packages/koji/__init__.py", line 2258, in > > krb_login > > if self.gssapi_login(principal, keytab, ccache, proxyuser=proxyuser): > > File "/usr/lib/python3.8/site-packages/koji/__init__.py", line 2415, in > > gssapi_login > > raise AuthError('unable to obtain a session') > > koji.AuthError: unable to obtain a session > > Sorry, not a bug. I remembered that I had put some alternate > certificates into ~/.koji to access another Koji instance. I think there is a usability RFE here. If we get an SSLError *and* the Koji client is configured to use one specific CA bundle file on disk, then we should log that path to the CA file we used. - Ken ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Not a bug (was: Re: Can't log into Koji)
On Sat, Jan 18, 2020 at 12:02:08PM +, Richard W.M. Jones wrote: > > $ KRB5_TRACE=/dev/stderr koji -d hello > 2020-01-18 12:00:47,323 [DEBUG] koji: Opening new requests session > 2020-01-18 12:00:47,323 [DEBUG] koji: Opening new requests session > 2020-01-18 12:00:47,619 [DEBUG] koji: Opening new requests session > 2020-01-18 12:00:47,619 [DEBUG] koji: gssapi auth failed: > requests.exceptions.SSLError: > HTTPSConnectionPool(host='koji.fedoraproject.org', port=443): Max retries > exceeded with url: /kojihub/ssllogin (Caused by > SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] > certificate verify failed: unable to get local issuer certificate > (_ssl.c:1108)'))) > > Traceback (most recent call last): > File "/usr/bin/koji", line 336, in > rv = locals()[command].__call__(options, session, args) > File "/usr/lib/python3.8/site-packages/koji_cli/commands.py", line 7372, in > handle_moshimoshi > activate_session(session, options) > File "/usr/lib/python3.8/site-packages/koji_cli/lib.py", line 571, in > activate_session > session.krb_login(proxyuser=runas) > File "/usr/lib/python3.8/site-packages/koji/__init__.py", line 2258, in > krb_login > if self.gssapi_login(principal, keytab, ccache, proxyuser=proxyuser): > File "/usr/lib/python3.8/site-packages/koji/__init__.py", line 2415, in > gssapi_login > raise AuthError('unable to obtain a session') > koji.AuthError: unable to obtain a session Sorry, not a bug. I remembered that I had put some alternate certificates into ~/.koji to access another Koji instance. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-df lists disk usage of guests without needing to install any software inside the virtual machine. Supports Linux and Windows. http://people.redhat.com/~rjones/virt-df/ ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org