Project

General

Profile

Bug #8436

Updated by François ARMAND almost 8 years ago

_**_On some old OS (for example: SUSE Linux Enterprise Server 11 (x86_64), VERSION = 11, PATCHLEVEL = 3, OpenSSL 0.9.8j-fips 07 Jan 2009), when the node try to get the server uuid, we get an error:  

 <pre> 
 curl -L -k -1 -s -f --proxy '' https://xxx.xxx.xxx.xxx/uuid : an error occured, returned 51  
 </pre> 

 The error message means: "The remote server's SSL certificate or SSH md5 fingerprint was deemed not OK." 

 The same command, without the -1 option (meaning: force use TLS), works on these OS.   


 [removing non working workaround] A workaround is to update openssl.  
 An other workaround is to remove the -1 from the command line in the different files it appears: 

 - on a policy server:  

 <pre> 
 sed -i "s/-k -1/-k/" /var/rudder/configuration-repository/techniques/system/inventory/1.0/fusionAgent.st 
 sed -i "s/-k -1/-k/" /var/rudder/configuration-repository/techniques/system/distributePolicy/1.0/propagatePromises.st 
 sed -i "s/-k -1/-k/" /opt/rudder/share/initial-promises/inventory/1.0/fusionAgent.cf 
 </pre> 

 - on a node:  

 <pre> 
 sed -i "s/-k -1/-k/" /opt/rudder/share/initial-promises/inventory/1.0/fusionAgent.cf 
 sed -i "s/-k -1/-k/" /var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf 
 </pre> 




Back