Trying to get kojira to start up, with a new cert (using the instructions for a self hosted CA on the koji server). Koji version 1.9.0-5 on a Centos 6.6 box. I get the following error:
Traceback (most recent call last): File "/usr/sbin/kojira", line 743, in <module> session.ssl_login(options.cert, options.ca, options.serverca) File "/usr/lib/python2.6/site-packages/koji/__init__.py", line 1729, in ssl_login sinfo = self.callMethod('sslLogin', proxyuser) File "/usr/lib/python2.6/site-packages/koji/__init__.py", line 1778, in callMethod return self._callMethod(name, args, opts) File "/usr/lib/python2.6/site-packages/koji/__init__.py", line 1898, in _callMethod return self._sendCall(handler, headers, request) File "/usr/lib/python2.6/site-packages/koji/__init__.py", line 1809, in _sendCall return self._sendOneCall(handler, headers, request) File "/usr/lib/python2.6/site-packages/koji/__init__.py", line 1827, in _sendOneCall cnx.endheaders() File "/usr/lib64/python2.6/httplib.py", line 908, in endheaders self._send_output() File "/usr/lib64/python2.6/httplib.py", line 780, in _send_output self.send(msg) File "/usr/lib64/python2.6/httplib.py", line 759, in send self.sock.sendall(str) File "/usr/lib/python2.6/site-packages/koji/ssl/SSLConnection.py", line 108, in sendall sent = con.send(data, flags) OpenSSL.SSL.Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]
If I run openssl from the command line, to verify the cert, it succeeds:
# openssl verify -CAfile /etc/pki/koji/koji_ca_cert.crt /etc/pki/koji/certs/kojira.cer
/etc/pki/koji/certs/kojira.cer: OK
The cert in question is SHA256/RSA4096 (matching the params of the certs we've previously used).
buildsys@lists.fedoraproject.org