On 7/16/20 1:59 PM, warron.french wrote:
I work in a lab environment that has a proxy somewhere on the network.I have my VMware VM running CentOS8 and have installed the epel-latest-release package.When I execute a generic *yum update *I run into problems. They are here:[root@wsf-owt-dev001:yum.repos.d]# yum update Extra Packages for Enterprise Linux 8 - Playground - x86_64 0.0 B/s | 0 B 00:01 Errors during downloading metadata for repository 'epel-playground': - Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://mirrors.fedoraproject.org/metalink?repo=playground-epel8&arch=x86_64&infra=stock&content=centos [SSL certificate problem: EE certificate key too weak] Error: Failed to download metadata for repo 'epel-playground': Cannot prepare internal mirrorlist: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://mirrors.fedoraproject.org/metalink?repo=playground-epel8&arch=x86_64&infra=stock&content=centos [SSL certificate problem: EE certificate key too weak]I see the curl error, so I try a curl command and also run into problems:[root@wsf-owt-dev001:yum.repos.d]# curl -v https://mirrors.fedoraproject.org/metalink?repo=playground-epel8&arch=x86_64&infra=stock&content=centos [1] 683465 [2] 683466 [3] 683467 [root@wsf-owt-dev001:yum.repos.d]# * Uses proxy env variable https_proxy == 'http://214.3.129.49:80' * Trying 214.3.129.49... * TCP_NODELAY set * Connected to 214.3.129.49 (214.3.129.49) port 80 (#0) * allocate connect buffer! * Establish HTTP proxy tunnel to mirrors.fedoraproject.org:443 <http://mirrors.fedoraproject.org:443> > CONNECT mirrors.fedoraproject.org:443 <http://mirrors.fedoraproject.org:443> HTTP/1.1 > Host: mirrors.fedoraproject.org:443 <http://mirrors.fedoraproject.org:443> > User-Agent: curl/7.61.1 > Proxy-Connection: Keep-Alive > < HTTP/1.0 200 Connection established < * Proxy replied 200 to CONNECT request * CONNECT phase completed! * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * TLSv1.3 (OUT), TLS handshake, Client hello (1): * CONNECT phase completed! * CONNECT phase completed! * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (OUT), TLS alert, bad certificate (554): * SSL certificate problem: EE certificate key too weak * Closing connection 0 curl: (60) SSL certificate problem: EE certificate key too weak More details here: https://curl.haxx.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. [1] Exit 60 curl -v https://mirrors.fedoraproject.org/metalink?repo=playground-epel8 [2]- Done arch=x86_64 [3]+ Done infra=stockI don't know what to do to fix this. Can someone please explain what the problem is on a high level and then what to do about it so that I can learn from this?
What's the output of:curl --trace-ascii - 'https://mirrors.fedoraproject.org/metalink?repo=playground-epel8&arch=x86_64&infra=stock&content=centos'
-- Orion Poplawski Manager of NWRA Technical Systems 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion@xxxxxxxx Boulder, CO 80301 https://www.nwra.com/
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx