[UG] Hostname being verified with sslverify=0

Kaushik Muthuravichandran m.kaushik at gmail.com
Wed Jan 7 13:04:22 UTC 2015


Hello,

The parameter sslverify=0 tries to verify the hostname specified in the
baseurl  option with the subject in ssl certificate, and causes the
following error to be thrown when yum commands are run:

[Errno 14] PYCURL ERROR 51 - "SSL: certificate subject name 'xxxxxxx.xxxx'
does not match target host name '10.10.10.10"

I am using python-urlgrabber-3.9.1-8.el6.noarch.

This patch fixes the issue:

--- grabber.py.old    2015-01-07 12:50:40.194922557 +0000
+++ grabber.py.new    2015-01-07 12:51:34.707163121 +0000
@@ -1198,6 +1198,8 @@
             self.curl_obj.setopt(pycurl.SSL_VERIFYPEER,
opts.ssl_verify_peer)
             if opts.ssl_verify_host: # 1 is meaningless to curl
                 self.curl_obj.setopt(pycurl.SSL_VERIFYHOST, 2)
+            else:
+                self.curl_obj.setopt(pycurl.SSL_VERIFYHOST, False)
             if opts.ssl_key:
                 self.curl_obj.setopt(pycurl.SSLKEY, opts.ssl_key)
             if opts.ssl_key_type:


Thanks,
Kaushik
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.baseurl.org/pipermail/yum-devel/attachments/20150107/d05d7e2d/attachment.html>


More information about the Yum-devel mailing list