Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-1342

dnf should try a different mirror if it encounters a mirror with a certificate problem

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Normal Normal
    • rhel-9.5
    • CentOS Stream 8
    • dnf
    • dnf-4.14.0-15.el9
    • None
    • None
    • sst_cs_software_management
    • ssg_core_services
    • 16
    • 18
    • 2
    • QE ack, Dev ack
    • False
    • Hide

      None

      Show
      None
    • Yes
    • None
    • Bug Fix
    • Hide
      .DNF(8) now includes information about `dnf makecache --timer` not trying further mirrors if the first mirror fails

      Previously, the information that the `dnf makecache --timer` command does not try further mirrors in a repository mirrorlist if the first mirror failed was not included in the DNF(8) man page. With this update, the documentation was updated to include this information.
      Show
      .DNF(8) now includes information about `dnf makecache --timer` not trying further mirrors if the first mirror fails Previously, the information that the `dnf makecache --timer` command does not try further mirrors in a repository mirrorlist if the first mirror failed was not included in the DNF(8) man page. With this update, the documentation was updated to include this information.
    • Done
    • None

      dnf-makecache.service logs:

      Nov 10 13:38:03 jik4.kamens.us dnf[684995]: Errors during downloading metadata for repository 'epel':
      Nov 10 13:38:03 jik4.kamens.us dnf[684995]: - Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://epel.mirror.constant.com/8/Everything/x86_64/repodata/repomd.xml [SSL certificate problem: certificate has expired]
      Nov 10 13:38:03 jik4.kamens.us dnf[684995]: Error: Failed to download metadata for repo 'epel': Cannot download repomd.xml: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://epel.mirror.constant.com/8/Everything/x86_64/repodata/repomd.xml [SSL certificate problem: certificate has expired]
      Nov 10 13:38:03 jik4.kamens.us systemd[1]: dnf-makecache.service: Main process exited, code=exited, status=1/FAILURE
      Nov 10 13:38:03 jik4.kamens.us systemd[1]: dnf-makecache.service: Failed with result 'exit-code'.
      Nov 10 13:38:03 jik4.kamens.us systemd[1]: Failed to start dnf makecache.

      It shouldn't give up if there's an SSL certificate error with a mirror. It should switch to a different mirror.

              rhn-support-ppisar Petr Pisar
              jik@kamens.brookline.ma.us jik@kamens.brookline.ma.us (Inactive)
              packaging-team-maint packaging-team-maint
              Jan Blazek Jan Blazek
              Mariya Pershina Mariya Pershina
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated:
                Resolved: