-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 22/09/15 00:42, Haïkel wrote: > Hi, > > I finally found a workaround to fix CBS issues when using python > >= 2.7.9 (like Fedora 22 and above) > https://bugzilla.redhat.com/show_bug.cgi?id=1231616 Though it's > dirty, but it's no different from python 2.7.8 and older behavior. > > Starting python 2.7.9, python ssl standard module enable > certificate verification by default, hence causing koji client to > fail when interacting with CBS. What I do not get is why withe the > same koki client I have no issues with Fedora Koji instance, and > why it fails with CBS. People using F21 and older or CentOS, won't > experience that issue. > > I suspect either a configuration or difference of server versions > difference, so I'd like CBS admins to investigate that issue. > > Regards, H. I'll investigate the issue, but as I'm myself not using Fedora , that will be more difficult. I'll setup a VM for that test. Also, if python does cert validation (which I was hoping it was already doing), I'd like to know why it complains about it, if you have to point koji (through ~/.koji/config) to both ca and serverca. Worth noting that we'll migrate "soon" (more details through the cbs/infra weekly meeting) to FAS, so every CBS packager/builder will have to modify his config. We're also testing to offer different certs for koji communication : the kojihub/kojiweb cert will be signed by a "trusted" CA (aka serverca in your ~/.koji/config file) while FAS will be the CA used to sign cert used for kojid builders nodes and koji client (so for "users") - -- Fabian Arrotin The CentOS Project | http://www.centos.org gpg key: 56BEC54E | twitter: @arrfab -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlYBP50ACgkQnVkHo1a+xU6/pgCggThZJiLGsmtJSFKYR81CwbW1 S0IAoJUMqCruHsJR5U/trLS2uHWXy7/Z =lMpq -----END PGP SIGNATURE-----