Bug #35773
closed
Error "no certificate or crl found" when using a http proxy as "Default Http Proxy" for content syncing or manifest operations
Description
Katello 4.5 and above cannot work with an http proxy whereas the same proxy can be used with 4.4 and works great.
Version-Release number of selected component (if applicable):
Katello 4.5 and above
How reproducible:
100%
Steps to Reproduce:
1. Install a squid proxy server and run it on http://10.74.XXX.XX:3128
2. Install Katello 4.5
3. Import a subscription manifest
4. Create an HTTP proxy inside the Infrastructure --> HttP Proxies page using http://10.74.XXX.XX:3128 as the URL.
5. Set that as a "Default HTTP Proxy" in Administer --> Settings --> Content Tab
6. Access the Content --> Subscriptions page
7. Try expanding \ checking any repository set from Content --> Red Hat Repositories page
Actual results:
Step 6
- UI Shows "no certificate or crl found"
- Satellite never even connects to proxy
- Production.log has this traceback
2022-11-19T00:11:19 [E|app|ee15f1b2] Katello::HttpErrors::BadRequest: no certificate or crl found
ee15f1b2 | /usr/share/gems/gems/katello-4.5.0.20/app/controllers/katello/api/v2/api_controller.rb:271:in `rescue in check_upstream_connection'
ee15f1b2 | /usr/share/gems/gems/katello-4.5.0.20/app/controllers/katello/api/v2/api_controller.rb:268:in `check_upstream_connection'
ee15f1b2 | /usr/share/gems/gems/activesupport-6.0.4.7/lib/active_support/callbacks.rb:428:in `block in make_lambda'
ee15f1b2 | /usr/share/gems/gems/activesupport-6.0.4.7/lib/active_support/callbacks.rb:200:in `block (2 levels) in halting'
ee15f1b2 | /usr/share/gems/gems/actionpack-6.0.4.7/lib/abstract_controller/callbacks.rb:34:in `block (2 levels) in <module:Callbacks>'
ee15f1b2 | /usr/share/gems/gems/activesupport-6.0.4.7/lib/active_support/callbacks.rb:201:in `block in halting'
ee15f1b2 | /usr/share/gems/gems/activesupport-6.0.4.7/lib/active_support/callbacks.rb:513:in `block in invoke_before'
Step 7
- UI shows "No Repositories available"
- Satellite never even connects to the proxy
- production.log shows the following traceback for the Actions::Katello::RepositorySet::ScanCdn task
2022-11-19T00:12:25 [E|bac|8732f73b] no certificate or crl found (OpenSSL::X509::StoreError)
8732f73b | /usr/share/foreman/lib/foreman/util.rb:37:in `add_file'
8732f73b | /usr/share/foreman/lib/foreman/util.rb:37:in `block in add_ca_bundle_to_store'
8732f73b | /usr/share/ruby/tempfile.rb:291:in `open'
8732f73b | /usr/share/foreman/lib/foreman/util.rb:34:in `add_ca_bundle_to_store'
8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/katello/resources/cdn.rb:53:in `initialize'
8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/katello/resources/cdn.rb:67:in `new'
8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/katello/resources/cdn.rb:67:in `create'
8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/models/katello/product.rb:219:in `cdn_resource'
8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/actions/katello/repository_set/scan_cdn.rb:38:in `cdn_var_substitutor'
8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/actions/katello/repository_set/scan_cdn.rb:30:in `fetch_results'
8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/actions/katello/repository_set/scan_cdn.rb:24:in `run'
8732f73b | /usr/share/gems/gems/dynflow-1.6.4/lib/dynflow/action.rb:582:in `block (3 levels) in execute_run'
8732f73b | /usr/share/gems/gems/dynflow-1.6.4/lib/dynflow/middleware/stack.rb:27:in `pass'
8732f73b | /usr/share/gems/gems/dynflow-1.6.4/lib/dynflow/middleware.rb:19:in `pass'
Expect Result:
No Errors
Updated by 
Updated by 
Updated by 
Updated by