brooklyn-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yavor Yanchev (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (BROOKLYN-350) Upstream yum repos for PostgresSQL started to enforce HTTPS
Date Mon, 26 Sep 2016 12:11:20 GMT

    [ https://issues.apache.org/jira/browse/BROOKLYN-350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15522867#comment-15522867
] 

Yavor Yanchev commented on BROOKLYN-350:
----------------------------------------

Curl output with -L config option applied

{code}
$ curl -L -v http://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/pgdg-centos94-9.4-2.noarch.rpm
-o pgdg.rpm
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 174.143.35.196...
* Connected to yum.postgresql.org (174.143.35.196) port 80 (#0)
> GET /9.4/redhat/rhel-6-x86_64/pgdg-centos94-9.4-2.noarch.rpm HTTP/1.1
> Host: yum.postgresql.org
> User-Agent: curl/7.47.1
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
< Location: https://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/pgdg-centos94-9.4-2.noarch.rpm
< Content-Length: 0
< Date: Mon, 26 Sep 2016 12:09:26 GMT
< Server: lighttpd/1.4.35
< 
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Connection #0 to host yum.postgresql.org left intact
* Issue another request to this URL: 'https://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/pgdg-centos94-9.4-2.noarch.rpm'
* Found bundle for host yum.postgresql.org: 0x55f167268520 [can pipeline]
*   Trying 174.143.35.196...
* Connected to yum.postgresql.org (174.143.35.196) port 443 (#1)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* ALPN/NPN, server did not agree to a protocol
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* 	subject: CN=yum.postgresql.org
* 	start date: Sep 24 06:52:00 2016 GMT
* 	expire date: Dec 23 06:52:00 2016 GMT
* 	common name: yum.postgresql.org
* 	issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0> GET /9.4/redhat/rhel-6-x86_64/pgdg-centos94-9.4-2.noarch.rpm
HTTP/1.1
> Host: yum.postgresql.org
> User-Agent: curl/7.47.1
> Accept: */*
> 
< HTTP/1.1 200 OK
< Content-Type: application/x-redhat-package-manager
< Accept-Ranges: bytes
< ETag: "549014231"
< Last-Modified: Wed, 21 Oct 2015 08:52:11 GMT
< Content-Length: 5416
< Date: Mon, 26 Sep 2016 12:09:27 GMT
< Server: lighttpd/1.4.35
< 
{ [5416 bytes data]
100  5416  100  5416    0     0   3206      0  0:00:01  0:00:01 --:--:-- 33639
* Connection #1 to host yum.postgresql.org left intact

{code}

> Upstream yum repos for PostgresSQL started to enforce HTTPS
> -----------------------------------------------------------
>
>                 Key: BROOKLYN-350
>                 URL: https://issues.apache.org/jira/browse/BROOKLYN-350
>             Project: Brooklyn
>          Issue Type: Dependency upgrade
>            Reporter: Yavor Yanchev
>
> The upstream YUM repos [1] provided by the PostgreSQL project started to enforce HTTPS.
> The PostgreSqlSshDriver uses curl to download RPMs from the upstream repo URL, but fails
because it is redirected to the HTTPS location using a standard 301 header and curl is not
instructed to follow the redirects.
> Example curl output
> {code}
> < HTTP/1.1 301 Moved Permanently
> < Location: https://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/pgdg-centos94-9.4-2.noarch.rpm
> {code}
> If curl is instructed to follow the redirects with -L (--location) option the download
will be successful 
> [1] http://yum.postgresql.org



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message