Bug #35773
Error "no certificate or crl found" when using a http proxy as "Default Http Proxy" for content syncing or manifest operations
Description
Katello 4.5 and above cannot work with an http proxy whereas the same proxy can be used with 4.4 and works great.
Version-Release number of selected component (if applicable):
Katello 4.5 and above
How reproducible:
100%
Steps to Reproduce:
1. Install a squid proxy server and run it on http://10.74.XXX.XX:3128
2. Install Katello 4.5
3. Import a subscription manifest
4. Create an HTTP proxy inside the Infrastructure --> HttP Proxies page using http://10.74.XXX.XX:3128 as the URL.
5. Set that as a "Default HTTP Proxy" in Administer --> Settings --> Content Tab
6. Access the Content --> Subscriptions page
7. Try expanding \ checking any repository set from Content --> Red Hat Repositories page
Actual results:
Step 6
- UI Shows "no certificate or crl found"
- Satellite never even connects to proxy
- Production.log has this traceback
2022-11-19T00:11:19 [E|app|ee15f1b2] Katello::HttpErrors::BadRequest: no certificate or crl found
ee15f1b2 | /usr/share/gems/gems/katello-4.5.0.20/app/controllers/katello/api/v2/api_controller.rb:271:in `rescue in check_upstream_connection'
ee15f1b2 | /usr/share/gems/gems/katello-4.5.0.20/app/controllers/katello/api/v2/api_controller.rb:268:in `check_upstream_connection'
ee15f1b2 | /usr/share/gems/gems/activesupport-6.0.4.7/lib/active_support/callbacks.rb:428:in `block in make_lambda'
ee15f1b2 | /usr/share/gems/gems/activesupport-6.0.4.7/lib/active_support/callbacks.rb:200:in `block (2 levels) in halting'
ee15f1b2 | /usr/share/gems/gems/actionpack-6.0.4.7/lib/abstract_controller/callbacks.rb:34:in `block (2 levels) in <module:Callbacks>'
ee15f1b2 | /usr/share/gems/gems/activesupport-6.0.4.7/lib/active_support/callbacks.rb:201:in `block in halting'
ee15f1b2 | /usr/share/gems/gems/activesupport-6.0.4.7/lib/active_support/callbacks.rb:513:in `block in invoke_before'
Step 7
- UI shows "No Repositories available"
- Satellite never even connects to the proxy
- production.log shows the following traceback for the Actions::Katello::RepositorySet::ScanCdn task
2022-11-19T00:12:25 [E|bac|8732f73b] no certificate or crl found (OpenSSL::X509::StoreError)
8732f73b | /usr/share/foreman/lib/foreman/util.rb:37:in `add_file'
8732f73b | /usr/share/foreman/lib/foreman/util.rb:37:in `block in add_ca_bundle_to_store'
8732f73b | /usr/share/ruby/tempfile.rb:291:in `open'
8732f73b | /usr/share/foreman/lib/foreman/util.rb:34:in `add_ca_bundle_to_store'
8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/katello/resources/cdn.rb:53:in `initialize'
8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/katello/resources/cdn.rb:67:in `new'
8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/katello/resources/cdn.rb:67:in `create'
8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/models/katello/product.rb:219:in `cdn_resource'
8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/actions/katello/repository_set/scan_cdn.rb:38:in `cdn_var_substitutor'
8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/actions/katello/repository_set/scan_cdn.rb:30:in `fetch_results'
8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/actions/katello/repository_set/scan_cdn.rb:24:in `run'
8732f73b | /usr/share/gems/gems/dynflow-1.6.4/lib/dynflow/action.rb:582:in `block (3 levels) in execute_run'
8732f73b | /usr/share/gems/gems/dynflow-1.6.4/lib/dynflow/middleware/stack.rb:27:in `pass'
8732f73b | /usr/share/gems/gems/dynflow-1.6.4/lib/dynflow/middleware.rb:19:in `pass'
Expect Result:
No Errors
Associated revisions
History
#1
Updated by Partha Aji 2 months ago
- Bugzilla link set to 2144044
#2
Updated by The Foreman Bot 2 months ago
- Assignee set to Partha Aji
- Status changed from New to Ready For Testing
- Pull request https://github.com/Katello/katello/pull/10361 added
#3
Updated by Chris Roberts 2 months ago
- Triaged changed from No to Yes
- Target version set to Katello 4.6.1
- Category set to Foreman Proxy Content
#4
Updated by The Foreman Bot about 2 months ago
- Fixed in Releases Katello 4.8.0 added
#5
Updated by Partha Aji about 2 months ago
- Status changed from Ready For Testing to Closed
Applied in changeset katello|54334bf5cadcd372996839e6ecd0fd2277ec19ea.
#6
Updated by Samir Jha about 2 months ago
- Target version changed from Katello 4.6.1 to Katello 4.7.0
Moving off of 4.6.1 since this depends on changes not part of 4.6. This is available in 4.7.
#7
Updated by The Foreman Bot about 2 months ago
- Pull request https://github.com/Katello/katello/pull/10385 added
Fixes #35773 - Checks for empty cacert on connecting via Http Proxy (#10361)