Trying to get kojira to start up, with a new cert (using the instructions
for a self hosted CA on the koji server). Koji version 1.9.0-5 on a Centos
6.6 box. I get the following error:
Traceback (most recent call last):
File "/usr/sbin/kojira", line 743, in <module>
session.ssl_login(options.cert, options.ca, options.serverca)
File "/usr/lib/python2.6/site-packages/koji/__init__.py", line 1729, in
ssl_login
sinfo = self.callMethod('sslLogin', proxyuser)
File "/usr/lib/python2.6/site-packages/koji/__init__.py", line 1778, in
callMethod
return self._callMethod(name, args, opts)
File "/usr/lib/python2.6/site-packages/koji/__init__.py", line 1898, in
_callMethod
return self._sendCall(handler, headers, request)
File "/usr/lib/python2.6/site-packages/koji/__init__.py", line 1809, in
_sendCall
return self._sendOneCall(handler, headers, request)
File "/usr/lib/python2.6/site-packages/koji/__init__.py", line 1827, in
_sendOneCall
cnx.endheaders()
File "/usr/lib64/python2.6/httplib.py", line 908, in endheaders
self._send_output()
File "/usr/lib64/python2.6/httplib.py", line 780, in _send_output
self.send(msg)
File "/usr/lib64/python2.6/httplib.py", line 759, in send
self.sock.sendall(str)
File "/usr/lib/python2.6/site-packages/koji/ssl/SSLConnection.py", line
108, in sendall
sent = con.send(data, flags)
OpenSSL.SSL.Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',
'certificate verify failed')]
If I run openssl from the command line, to verify the cert, it succeeds:
# openssl verify -CAfile /etc/pki/koji/koji_ca_cert.crt
/etc/pki/koji/certs/kojira.cer
/etc/pki/koji/certs/kojira.cer: OK
The cert in question is SHA256/RSA4096 (matching the params of the certs
we've previously used).
--
Squirrels are the lunatic teenagers of the animal kingdom.
Show replies by date