[packman] Build Service. SSL Error

Ludwig Nussel ludwig.nussel at suse.de
Wed Jan 18 17:01:06 CET 2012


Pascal Bleser wrote:
> On 2012-01-18 07:52:50 (-0600), Malcolm <malcolm_lewis at bellsouth.net> wrote:
>> On Wed, 18 Jan 2012 17:17:49 +0400
>> Kyrill Detinov <lazy.kent at opensuse.org> wrote:
>>> When I try to connect to server via osc I get error:
>>> SSL Error: sslv3 alert handshake failure
>>> How to fix?
> 
>> Add sslcertck=0 to your ~/.oscrc file for the moment.
> 
> Yep, specifically in the section for pmbs.links2linux.org

No, that's never a solution.

> The reason is not that our SSL certificate is invalid, but that
> recent versions of osc introduced stronger SSL peer certificate
> requirements, and apparently our CAcert certificate is too weak
> for that.

It has nothing to do with the certificate. Someone decided to put
arbitrary restrictions on the accepted ciphers in osc. Apply the
following commit to reset it to a working setting:
https://github.com/openSUSE/osc/commit/0f2e8e257d3f298dc034b212267bbb5ba04d2430

Alternatively reconfigure your web server to also offer stronger
ciphers. Note that the template file for ssl vhosts in the apache
package was broken in the past so if you used that you may want to have
a look at a newer one and use the cipher string from there.

Btw, you can get a certificate free of charge of a Mozilla accepted
CA from http://www.startssl.com/

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) 




More information about the Packman mailing list