[Pulp-list] Pulp 2.3: Synching RHN via Proxy stopped working

Florian Sachs florian.sachs at bmlvs.gv.at
Thu Dec 12 14:35:06 UTC 2013


Hi,

The problem was related to our Bluecoat Proxy, which didn't handle 
TLS1.2 correctly. Squid and tinyproxy work without any problems.

I was able to change the behaviour of urllib3, which is used by pulp, to 
use TLSv1 (and not 1.2), which is easier for me than trying to get the 
Bluecoat fixed.

best regards,
florian

Her is the diff:

--- /usr/lib/python2.6/site-packages/requests/packages/urllib3/util.py 
2013-09-24 20:09:11.000000000 +0200
+++ /tmp/util.py        2013-12-12 14:58:45.539748660 +0100
@@ -26,7 +26,7 @@
      HAS_SNI = False

      import ssl
-    from ssl import wrap_socket, CERT_NONE, PROTOCOL_SSLv23
+    from ssl import wrap_socket, CERT_NONE, PROTOCOL_SSLv23, PROTOCOL_TLSv1
      from ssl import SSLContext  # Modern SSL?
      from ssl import HAS_SNI  # Has SNI?
  except ImportError:
@@ -528,7 +528,7 @@
      like resolve_cert_reqs
      """
      if candidate is None:
-        return PROTOCOL_SSLv23
+        return PROTOCOL_TLSv1

      if isinstance(candidate, str):
          res = getattr(ssl, candidate, None)

Am 09.12.2013 16:48, schrieb Michael Hrivnak:
> Hi, Florian. We thoroughly tested the proxy functionality with 2.3 and re-confirmed this morning that it works doing a sync from our CDN through a squid proxy. I added a couple of questions to the bug report that may help identify what's going on in your setup.
>
> Thanks for being in touch.
>
> Michael
>
> ----- Original Message -----
> From: "Florian Sachs" <florian.sachs at bmlvs.gv.at>
> To: pulp-list at redhat.com
> Sent: Monday, December 9, 2013 3:30:02 AM
> Subject: [Pulp-list] Pulp 2.3: Synching RHN via Proxy stopped working
>
> Hi,
>
> With 2.3 Synching from HRN via our company proxy stopped working.
>
> Has anyone been successfull synching RHN with pulp 2.3 via a Proxy?
>
> florian
>
> FYI: I already filed a bug:
> https://bugzilla.redhat.com/show_bug.cgi?id=1039471
>
>
> _______________________________________________
> Pulp-list mailing list
> Pulp-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list




More information about the Pulp-list mailing list