[CentOS-devel] TLS issues koji.mbox.centos.org

Wed Jan 6 20:33:04 UTC 2021
Stephen John Smoogen <smooge at gmail.com>

On Wed, 6 Jan 2021 at 15:30, Stephen John Smoogen <smooge at gmail.com> wrote:

>
>
> On Wed, 6 Jan 2021 at 14:40, Leon Fauster via CentOS-devel <
> centos-devel at centos.org> wrote:
>
>> On a C8 station:
>>
>> LANG=C curl -I https://koji.mbox.centos.org
>> curl: (60) SSL certificate problem: unable to get local issuer certificate
>> More details here: https://curl.haxx.se/docs/sslcerts.html
>>
>> this worked a couple of days ago. Any hints?
>>
>>
> works for me
>
> [smooge at xanadu ~]$ rpm -qa | grep openssl
> openssl-1.1.1g-11.el8.x86_64
> apr-util-openssl-1.6.1-6.el8.x86_64
> openssl-pkcs11-0.4.10-2.el8.x86_64
> openssl-libs-1.1.1g-11.el8.x86_64
> [smooge at xanadu ~]$ uname -a
> Linux xanadu.int.smoogespace.com 4.18.0-193.19.1.el8_2.x86_64 #1 SMP Mon
> Sep 14 14:37:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
> [smooge at xanadu ~]$ LANG=C curl -I https://koji.mbox.centos.org
> HTTP/1.1 302 Found
> Date: Wed, 06 Jan 2021 20:30:08 GMT
> Server: Apache/2.4.39 (Fedora) mod_wsgi/4.6.4 Python/2.7 OpenSSL/1.1.1b
> Location: https://koji.mbox.centos.org/koji/
> Connection: close
> Content-Type: text/html; charset=iso-8859-1
>
>
Added some -v to see if that might give some clues as to why it is working for
me. Let's Encrypt recently upgraded their middle keys, so the older one might
be cached/installed somewhere?

[smooge at xanadu ~]$ LANG=C curl -vvv -I https://koji.mbox.centos.org
* Rebuilt URL to: https://koji.mbox.centos.org/
*   Trying 8.43.84.206...
* TCP_NODELAY set
* Connected to koji.mbox.centos.org (8.43.84.206) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=koji.mbox.centos.org
*  start date: Jan  4 06:56:29 2021 GMT
*  expire date: Apr  4 06:56:29 2021 GMT
*  subjectAltName: host "koji.mbox.centos.org" matched cert's "koji.mbox.centos.org"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
> HEAD / HTTP/1.1
> Host: koji.mbox.centos.org
> User-Agent: curl/7.61.1
> Accept: */*
>
< HTTP/1.1 302 Found
HTTP/1.1 302 Found
< Date: Wed, 06 Jan 2021 20:31:21 GMT
Date: Wed, 06 Jan 2021 20:31:21 GMT
< Server: Apache/2.4.39 (Fedora) mod_wsgi/4.6.4 Python/2.7 OpenSSL/1.1.1b
Server: Apache/2.4.39 (Fedora) mod_wsgi/4.6.4 Python/2.7 OpenSSL/1.1.1b
< Location: https://koji.mbox.centos.org/koji/
Location: https://koji.mbox.centos.org/koji/
< Connection: close
Connection: close
< Content-Type: text/html; charset=iso-8859-1
Content-Type: text/html; charset=iso-8859-1

<
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, close notify (256):


>
>
>
>> --
>> Leon
>>
>>
>
>
> --
> Stephen J Smoogen.
>
>

-- 
Stephen J Smoogen.
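
The hypothesis in the message above (an older Let's Encrypt intermediate cached or installed somewhere) can be modelled offline. The following is an added example, not part of the original message: it builds a constructed root, an old and a new intermediate, and a leaf with the openssl CLI (all names, including the host koji.example.test, are hypothetical) and shows that a client trusting only the root gets the same "unable to get local issuer certificate" error unless it is handed the intermediate that actually issued the leaf.

```shell
#!/bin/sh
# Constructed PKI (all names hypothetical): a root, an OLD and a NEW
# intermediate, and a leaf issued by NEW. Needs the openssl CLI.
set -e
W=$(mktemp -d)
trap 'rm -rf "$W"' EXIT
cat > "$W/cfg" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:koji.example.test
EOF

# mkcert NAME CN EXT [ISSUER]; self-signed when ISSUER is omitted.
mkcert() {
  openssl req -new -newkey rsa:2048 -nodes -config "$W/cfg" -subj "/CN=$2" \
    -keyout "$W/$1.key" -out "$W/$1.csr" 2>/dev/null
  if [ -n "$4" ]; then
    openssl x509 -req -in "$W/$1.csr" -CA "$W/$4.pem" -CAkey "$W/$4.key" \
      -CAcreateserial -days 2 -extfile "$W/cfg" -extensions "$3" \
      -out "$W/$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$W/$1.csr" -signkey "$W/$1.key" -days 2 \
      -extfile "$W/cfg" -extensions "$3" -out "$W/$1.pem" 2>/dev/null
  fi
}
mkcert root "Constructed Root" ca
mkcert old "Constructed Intermediate OLD" ca root
mkcert new "Constructed Intermediate NEW" ca root
mkcert leaf koji.example.test leaf new

# check_chain [INTERMEDIATE]: verify the leaf as a client that trusts only
# the root, given the intermediate the server sent (none if omitted).
# Prints "ok" or OpenSSL's first verification error line.
check_chain() {
  if [ -n "$1" ]; then set -- -untrusted "$W/$1.pem"; else set --; fi
  openssl verify -CAfile "$W/root.pem" "$@" "$W/leaf.pem" 2>&1 |
    awk '/^error [0-9]+ at/ { print; f = 1; exit } END { if (!f) print "ok" }'
}

for sent in "" old new; do
  echo "server sent: leaf + ${sent:-nothing} -> $(check_chain $sent)"
done
```

Against a live host, the chain the server actually sends can be compared with this model using `openssl s_client -connect HOST:443 -showcerts`.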