Re: I broke "yum update" - C7

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Am 2019-08-29 16:51, schrieb Gary Stainburn:
On Thursday 29 August 2019 15:45:44 Gordon Messmer wrote:
On 8/29/19 3:03 AM, Gary Stainburn wrote:
> https://us-east.repo.webtatic.com/yum/el7/x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's Certificate issuer is not recognized."


What do you see when you run:

    openssl s_client -showcerts -connect us-east.repo.webtatic.com:443

That seems to work fine on the faulty server.

[root@stan2 ~]# openssl s_client -showcerts -connect
us-east.repo.webtatic.com:443
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = webtatic.com
verify return:1

[ ... ]

    Verify return code: 0 (ok)



Hi,

yum uses libcurl behind the scenes and thus NSS and not OpenSSL.

Do you get something indicative when running:

URLGRABBER_DEBUG=1 yum --disablerepo=\* --enablerepo=webtatic check-update

Alexander
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux