Original Message:
Sent: Fri December 05, 2025 05:48 AM
From: Ayappan P
Subject: dnf update fails after AIX upgrade to AIX 7.3 and DNF installation
Check the ssl connectivity to public.dhe.ibm.com.,
openssl s_client -connect public.dhe.ibm.com:443
curl -v anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml
------------------------------
Ayappan P
Original Message:
Sent: Fri December 05, 2025 05:05 AM
From: Guy Harte
Subject: dnf update fails after AIX upgrade to AIX 7.3 and DNF installation
Hi Lakshmi,
# openssl s_client -connect example.com:443
CONNECTED(00000004)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G3
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert Global G3 TLS ECC SHA384 2020 CA1
verify return:1
depth=0 C = US, ST = California, L = Los Angeles, O = Internet Corporation for Assigned Names and Numbers, CN = *.example.com
verify return:1
---
Certificate chain
0 s:C = US, ST = California, L = Los Angeles, O = Internet Corporation for Assigned Names and Numbers, CN = *.example.com
i:C = US, O = DigiCert Inc, CN = DigiCert Global G3 TLS ECC SHA384 2020 CA1
a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA384
v:NotBefore: Jan 15 00:00:00 2025 GMT; NotAfter: Jan 15 23:59:59 2026 GMT
1 s:C = US, O = DigiCert Inc, CN = DigiCert Global G3 TLS ECC SHA384 2020 CA1
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G3
a:PKEY: id-ecPublicKey, 384 (bit); sigalg: ecdsa-with-SHA384
v:NotBefore: Apr 14 00:00:00 2021 GMT; NotAfter: Apr 13 23:59:59 2031 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFmzCCBSGgAwIBAgIQCtiTuvposLf7ekBPBuyvmjAKBggqhkjOPQQDAzBZMQsw
CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypEaWdp
Q2VydCBHbG9iYWwgRzMgVExTIEVDQyBTSEEzODQgMjAyMCBDQTEwHhcNMjUwMTE1
MDAwMDAwWhcNMjYwMTE1MjM1OTU5WjCBjjELMAkGA1UEBhMCVVMxEzARBgNVBAgT
CkNhbGlmb3JuaWExFDASBgNVBAcTC0xvcyBBbmdlbGVzMTwwOgYDVQQKEzNJbnRl
cm5ldCBDb3Jwb3JhdGlvbiBmb3IgQXNzaWduZWQgTmFtZXMgYW5kIE51bWJlcnMx
FjAUBgNVBAMMDSouZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
AASaSJeELWFsCMlqFKDIOIDmAMCH+plXDhsA4tiHklfnCPs8XrDThCg3wSQRjtMg
cXS9k49OCQPOAjuw5GZzz6/uo4IDkzCCA48wHwYDVR0jBBgwFoAUiiPrnmvX+Tdd
+W0hOXaaoWfeEKgwHQYDVR0OBBYEFPDBajIN7NrH6o/NDW0ZElnRvnLtMCUGA1Ud
EQQeMByCDSouZXhhbXBsZS5jb22CC2V4YW1wbGUuY29tMD4GA1UdIAQ3MDUwMwYG
Z4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQ
...................
-----END CERTIFICATE-----
subject=C = US, ST = California, L = Los Angeles, O = Internet Corporation for Assigned Names and Numbers, CN = *.example.com
issuer=C = US, O = DigiCert Inc, CN = DigiCert Global G3 TLS ECC SHA384 2020 CA1
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2722 bytes and written 397 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 795A31B0871E9067BE98DC9F93BB33AFD93486E87C4CE8780B28F09DD70BC0CF
Session-ID-ctx:
Resumption PSK: 7BB196047770D58631A6CBBE09DD228F3256D79A9A84A21B78BAC359233BEC78153A4E4DF2F1FE3125E87CE6E9AB3635
TLS session ticket lifetime hint: 83100 (seconds)
TLS session ticket:
0000 - 00 02 0d ff e1 14 6b a8-43 65 22 1d 29 d5 35 36 ......k.Ce".).56
0010 - 03 ab a0 29 ad 89 9d c4-8a 2c 03 fa 82 05 65 2a ...).....,....e*
0020 - 9f 2b ec a5 b4 b1 cf d7-25 de 3d 8e ab 12 46 10 .+......%.=...F.
0030 - b5 5c 3e 5d bd 36 f5 0d-8c dc 74 37 15 53 74 42 .\>].6....t7.StB
0040 - 90 68 55 9e 64 27 4e 56-05 a5 00 88 f6 55 72 92 .hU.d'NV.....Ur.
0050 - f1 c0 16 e3 1a 45 5f f0-52 9a 32 3a 89 9a 18 12 .....E_.R.2:....
0060 - 85 27 00 50 e5 e1 66 50-81 84 ad fb 1c c8 59 e6 .'.P..fP......Y.
0070 - b9 a5 23 eb 4e ba 29 c6-8e f8 34 da c9 e0 8f d2 ..#.N.)...4.....
0080 - 5d 8a 8b 46 7a f8 9f 38-c8 16 12 ee a4 2a 76 16 ]..Fz..8.....*v.
0090 - 3f 55 25 9e a8 c6 ca 28-a9 55 d6 ee e2 7a 7e a8 ?U%....(.U...z~.
00a0 - 2d 7f 9c f7 1e 39 9a ab-f8 e7 fc 61 fc ad 6c a2 -....9.....a..l.
00b0 - b1 a8 d4 d9 ac 28 69 94-73 0b b4 04 eb 00 11 d5 .....(i.s.......
00c0 - d6 0e 74 a2 3d 36 8b 24-64 1c ea 36 b7 df e8 98 ..t.=6.$d..6....
00d0 - f3 9b 0d 80 05 c8 95 f3-bf ab 31 79 22 6d 74 f1 ..........1y"mt.
00e0 - 13 43 7d 0f de 62 3d e0-4c ea 77 51 dc 5e 83 71 .C}..b=.L.wQ.^.q
Start Time: 1764928961
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 416E8B1D939B7FE9B06C3F987CCA7BC96CC919990F9A4E74389D1BC87636A0D1
Session-ID-ctx:
Resumption PSK: 798E9E7EAA1B19A894473BD123A3F5EB3578D37EF3E889B4053FF23E37E9939E159C77A154D6FBE2804A815DD8891FEE
TLS session ticket lifetime hint: 83100 (seconds)
TLS session ticket:
0000 - 00 02 0d ff e1 14 6b a8-43 65 22 1d 29 d5 35 36 ......k.Ce".).56
0010 - 76 9e 96 c0 be 52 e9 08-c9 0d 5e 76 9e 4a e3 b3 v....R....^v.J..
0020 - 05 98 6e 68 4f 38 6c 6b-63 b7 b2 73 b6 ea 7e 67 ..nhO8lkc..s..~g
0030 - 5f 3a d7 54 9b e0 d3 bc-73 39 d4 ec f7 4a 82 29 _:.T....s9...J.)
0040 - 15 03 d7 65 98 79 63 2b-d8 91 bb ac 8d 70 cf 4e ...e.yc+.....p.N
0050 - 02 53 6b b4 ce ae a7 85-b8 13 d2 5f 87 ab 80 96 .Sk........_....
0060 - cf 60 ce cb 48 29 41 c0-76 97 5d 30 ba 4b 13 d0 .`..H)A.v.]0.K..
0070 - e1 5e 04 c7 16 08 1c f9-6a 0c d3 12 e4 51 40 26 .^......j....Q@&
0080 - cf 70 07 8b 7c 2f f3 28-07 91 36 5f 25 53 f1 91 .p..|/.(..6_%S..
0090 - e9 31 84 8a 89 e9 9f d1-a0 78 18 11 53 46 a2 08 .1.......x..SF..
00a0 - 89 0c f1 bc c9 07 e3 c6-26 e4 59 c2 5a c8 e8 81 ........&.Y.Z...
00b0 - 57 b5 a4 a3 64 c2 07 46-2b 2a e3 e7 60 2b 03 b1 W...d..F+*..`+..
00c0 - 6d 56 b3 00 4e a5 26 3e-35 61 88 eb 68 f9 5f bb mV..N.&>5a..h._.
00d0 - 5b 26 79 dc 16 f9 1f 1e-e0 e0 3b 73 78 ad ad f0 [&y.......;sx...
00e0 - 24 ff 89 0a 78 ea a1 01-6e 6d f5 86 69 f3 1f 62 $...x...nm..i..b
Start Time: 1764928961
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
closed
Also, changing sslverify to 0 in /opt/freeware/etc/dnf/dnf.conf solved/bypass the issue.
With sslverify=0, "dnf update" works fine.
------------------------------
Guy Harte
Original Message:
Sent: Fri December 05, 2025 03:44 AM
From: Lakshmi Surekha Kovvuri
Subject: dnf update fails after AIX upgrade to AIX 7.3 and DNF installation
Hi Guy,
Can you please check using this command: openssl s_client -connect example.com:443?
------------------------------
Lakshmi Surekha Kovvuri
Original Message:
Sent: Thu December 04, 2025 01:51 PM
From: Guy Harte
Subject: dnf update fails after AIX upgrade to AIX 7.3 and DNF installation
Hi Lakshmi,
# rpm -e ca-certificates --nodeps
warning: %postun(ca-certificates-2024.2.66-2.ppc) scriptlet failed, exit status 255
# rpm -ivh ca-certificates-2024.2.66-2.aix7.1.ppc.rpm
Verifying... ################################# [100%]
Preparing... ################################# [100%]
Updating / installing...
1:ca-certificates-2024.2.66-2 ################################# [100%]
# updtvpkg
Please wait...
# dnf update
AIX generic repository 0.0 B/s | 0 B 00:01
Traceback (most recent call last):
File "/opt/freeware/bin/dnf", line 59, in <module>
main.user_main(sys.argv[1:], exit_code=True)
File "/opt/freeware/lib/python3.12/site-packages/dnf/cli/main.py", line 208, in user_main
errcode = main(args)
^^^^^^^^^^
File "/opt/freeware/lib/python3.12/site-packages/dnf/cli/main.py", line 67, in main
return _main(base, args, cli_class, option_parser_class)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/freeware/lib/python3.12/site-packages/dnf/cli/main.py", line 106, in _main
return cli_run(cli, base)
^^^^^^^^^^^^^^^^^^
File "/opt/freeware/lib/python3.12/site-packages/dnf/cli/main.py", line 122, in cli_run
cli.run()
File "/opt/freeware/lib/python3.12/site-packages/dnf/cli/cli.py", line 1098, in run
self._process_demands()
File "/opt/freeware/lib/python3.12/site-packages/dnf/cli/cli.py", line 787, in _process_demands
self.base.fill_sack(
File "/opt/freeware/lib/python3.12/site-packages/dnf/base.py", line 413, in fill_sack
self._add_repo_to_sack(r)
File "/opt/freeware/lib/python3.12/site-packages/dnf/base.py", line 141, in _add_repo_to_sack
repo.load()
File "/opt/freeware/lib/python3.12/site-packages/dnf/repo.py", line 574, in load
ret = self._repo.load()
^^^^^^^^^^^^^^^^^
File "/opt/freeware/lib64/python3.12/site-packages/libdnf/repo.py", line 467, in load
return _repo.Repo_load(self)
^^^^^^^^^^^^^^^^^^^^^
libdnf._error.Error: Failed to download metadata for repo 'AIX_Toolbox': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
:( still the error.
------------------------------
Guy Harte
Original Message:
Sent: Thu December 04, 2025 01:44 PM
From: Lakshmi Surekha Kovvuri
Subject: dnf update fails after AIX upgrade to AIX 7.3 and DNF installation
Hi Guy,
Could you please do the following:
-
Download the RPM (you can use a machine that has wget and then copy it to this system):
-
Remove the existing ca-certificates package (ignore dependencies):
-
Install the downloaded RPM:
and then dnf update?
------------------------------
Lakshmi Surekha Kovvuri
Original Message:
Sent: Thu December 04, 2025 01:27 PM
From: Guy Harte
Subject: dnf update fails after AIX upgrade to AIX 7.3 and DNF installation
Hi Lakshmi,
Same result :
# updtvpkg
Please wait...
# dnf update
AIX generic repository 0.0 B/s | 0 B 00:01
Traceback (most recent call last):
File "/opt/freeware/bin/dnf", line 59, in <module>
main.user_main(sys.argv[1:], exit_code=True)
File "/opt/freeware/lib/python3.12/site-packages/dnf/cli/main.py", line 208, in user_main
errcode = main(args)
^^^^^^^^^^
File "/opt/freeware/lib/python3.12/site-packages/dnf/cli/main.py", line 67, in main
return _main(base, args, cli_class, option_parser_class)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/freeware/lib/python3.12/site-packages/dnf/cli/main.py", line 106, in _main
return cli_run(cli, base)
^^^^^^^^^^^^^^^^^^
File "/opt/freeware/lib/python3.12/site-packages/dnf/cli/main.py", line 122, in cli_run
cli.run()
File "/opt/freeware/lib/python3.12/site-packages/dnf/cli/cli.py", line 1098, in run
self._process_demands()
File "/opt/freeware/lib/python3.12/site-packages/dnf/cli/cli.py", line 787, in _process_demands
self.base.fill_sack(
File "/opt/freeware/lib/python3.12/site-packages/dnf/base.py", line 413, in fill_sack
self._add_repo_to_sack(r)
File "/opt/freeware/lib/python3.12/site-packages/dnf/base.py", line 141, in _add_repo_to_sack
repo.load()
File "/opt/freeware/lib/python3.12/site-packages/dnf/repo.py", line 574, in load
ret = self._repo.load()
^^^^^^^^^^^^^^^^^
File "/opt/freeware/lib64/python3.12/site-packages/libdnf/repo.py", line 467, in load
return _repo.Repo_load(self)
^^^^^^^^^^^^^^^^^^^^^
libdnf._error.Error: Failed to download metadata for repo 'AIX_Toolbox': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
# dnf check
libgcc-1:13-2.ppc has missing requires of AIX-rpm < 7.3.0.0
libgcc13-13.3.0-1.ppc has missing requires of AIX-rpm < 7.3.0.0
libgomp-1:13-2.ppc has missing requires of AIX-rpm < 7.3.0.0
libgomp13-13.3.0-1.ppc has missing requires of AIX-rpm < 7.3.0.0
libstdc++-1:13-2.ppc has missing requires of AIX-rpm < 7.3.0.0
libstdc++13-13.3.0-1.ppc has missing requires of AIX-rpm < 7.3.0.0
Error: Check discovered 6 problem(s)
And in the /var/log/dnf.log :
2025-12-04T19:29:54CET DEBUG repo: downloading from remote: AIX_Toolbox
2025-12-04T19:29:54CET DEBUG error: Curl error (60): SSL peer certificate or SSH remote key was not OK for anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml [SSL certificate problem: self-signed certificate in certificate chain] (https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml).
2025-12-04T19:29:54CET DEBUG error: Curl error (60): SSL peer certificate or SSH remote key was not OK for anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml [SSL certificate problem: self-signed certificate in certificate chain] (https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml).
2025-12-04T19:29:55CET DEBUG error: Curl error (60): SSL peer certificate or SSH remote key was not OK for anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml [SSL certificate problem: self-signed certificate in certificate chain] (https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml).
2025-12-04T19:29:55CET DEBUG error: Curl error (60): SSL peer certificate or SSH remote key was not OK for anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml [SSL certificate problem: self-signed certificate in certificate chain] (https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml).
2025-12-04T19:29:55CET DDEBUG Cleaning up.
2025-12-04T19:29:55CET DDEBUG Plugins were unloaded.
------------------------------
Guy Harte
Original Message:
Sent: Thu December 04, 2025 12:26 PM
From: Lakshmi Surekha Kovvuri
Subject: dnf update fails after AIX upgrade to AIX 7.3 and DNF installation
Hi Guy,
1. Can you please run "updtvpkg" and then try the "dnf update"
2. also share the output of "dnf check"
------------------------------
Lakshmi Surekha Kovvuri
Original Message:
Sent: Thu December 04, 2025 11:18 AM
From: Guy Harte
Subject: dnf update fails after AIX upgrade to AIX 7.3 and DNF installation
Hi Lakshmi,
Here are the outputs :
libXft-2.3.1-1.ppc
tk-8.5.8-1.ppc
unzip-64bit-6.0-3.ppc
tcl-8.5.10-1.ppc
lpar2rrd-agent-8.00-0.ppc
popt-1.16-2.ppc
rsync_64-3.1.1-1.ppc
libgcc-13-2.ppc
zlib-1.2.13-1.ppc
ncurses-6.5-1.ppc
cyrus-sasl-2.1.28-1.ppc
xz-libs-5.8.1-1.ppc
libffi-3.4.4-2.ppc
libgomp-13-2.ppc
libxml2-2.14.4-1.ppc
libunistring-1.1-1.ppc
gettext-0.21-2.ppc
openldap-devel-2.5.16-3.ppc
libtasn1-4.19.0-1.ppc
p11-kit-tools-0.25.5-2.ppc
bash-4.3-12.ppc
libXrender-0.9.7-2.ppc
fontconfig-2.8.0-2.ppc
expect-5.45-1.ppc
zip-3.0-3.ppc
freetype2-2.4.10-1.ppc
libgcc13-13.3.0-1.ppc
libstdc++13-13.3.0-1.ppc
libstdc++-13-2.ppc
db-5.3.28-1.ppc
openldap-2.5.16-3.ppc
pcre2-10.45-2.ppc
libgomp13-13.3.0-1.ppc
glib2-2.83.2-1.ppc
libtextstyle-0.21-2.ppc
libiconv-1.17-1.ppc
sudo-1.9.17p1-1.ppc
p11-kit-0.25.5-2.ppc
AIX-rpm-7.3.3.1-29.ppc
gpg-pubkey-41eea8e0-6800ac55
zstd-1.5.7-64_1.ppc
gnupg2-2.4.8-0.ppc
rpm-python3.12-4.15.1-64_6.ppc
rpm-python3-4.15.1-64_6.ppc
libgpg-error-1.51-1.ppc
libzstd-1.5.7-100.ppc
json-c-0.18-1.ppc
check-0.15.2-1.ppc
libsmartcols-2.41-100.ppc
expat-2.7.3-1.ppc
libcomps-0.1.22-100.ppc
python3.12-libcomps-0.1.22-100.ppc
libassuan-2.5.6-1.ppc
gpgme-1.24.3-100.ppc
python3.12-gpg-1.24.3-100.ppc
libssh2-1.11.1-1.ppc
libnghttp2-1.62.1-1.ppc
krb5-libs-1.21.3-3.ppc
curl-8.14.1-1.ppc
zchunk-libs-1.5.2-100.ppc
librepo-1.20.0-100.ppc
python3.12-librepo-1.20.0-100.ppc
libyaml-0.2.5-1.ppc
libmodulemd-2.15.2-100.ppc
bzip2-1.0.8-2.ppc
libsolv-0.7.35-64_50.ppc
info-7.2-1.ppc
readline-8.2-1.ppc
sqlite-3.50.4-1.ppc
python3-librepo-1.20.0-100.ppc
python3-libcomps-0.1.22-100.ppc
gdbm-1.23-1.ppc
python3.12-3.12.12-1.ppc
python3-3.12.12-1.ppc
python3.9-3.9.24-1.ppc
rpm-python3.9-4.15.1-64_4.ppc
python3-gpg-1.24.3-100.ppc
ca-certificates-2024.2.66-2.ppc
libdnf-0.74.0-64_52.ppc
python3.12-libdnf-0.74.0-64_52.ppc
python3.12-hawkey-0.74.0-64_52.ppc
dnf-data-4.23.0-64_50.ppc
python3.12-dnf-4.23.0-64_50.ppc
python3-dnf-4.23.0-64_50.ppc
dnf-4.23.0-64_50.ppc
dnf-automatic-4.23.0-64_50.ppc
python3-hawkey-0.74.0-64_52.ppc
python3-libdnf-0.74.0-64_52.ppc
# lslpp -l | grep openssl
openssl.base 3.0.15.1001 COMMITTED Open Secure Socket Layer
openssl.license 3.0.15.1001 COMMITTED Open Secure Socket License
openssl.man.en_US 3.0.15.1001 COMMITTED Open Secure Socket Layer
openssl.base 3.0.15.1001 COMMITTED Open Secure Socket Layer
# cat /opt/freeware/etc/dnf/dnf.conf
# see `man dnf.conf` for defaults and possible options
[main]
cachedir=/var/cache/dnf
keepcache=1
debuglevel=2
logfile=/var/log/dnf.log
obsoletes=1
plugins=1
gpgcheck=True
installonly_limit=3
clean_requirements_on_remove=True
best=True
skip_if_unavailable=True
optional_metadata_types=filelists
proxy=http://192.168.48.34:443
[AIX_Toolbox]
name=AIX generic repository
baseurl=https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/
enabled=1
gpgkey=file:///opt/freeware/etc/dnf/RPM-GPG-KEY-IBM-AIX-Toolbox
gpgcheck=1
[AIX_Toolbox_noarch]
name=AIX noarch repository
baseurl=https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/noarch/
enabled=1
gpgkey=file:///opt/freeware/etc/dnf/RPM-GPG-KEY-IBM-AIX-Toolbox
gpgcheck=1
[AIX_Toolbox_73]
name=AIX 7.3 specific repository
baseurl=https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc-7.3/
enabled=1
gpgkey=file:///opt/freeware/etc/dnf/RPM-GPG-KEY-IBM-AIX-Toolbox
gpgcheck=1
------------------------------
Guy Harte
Original Message:
Sent: Thu December 04, 2025 11:00 AM
From: Lakshmi Surekha Kovvuri
Subject: dnf update fails after AIX upgrade to AIX 7.3 and DNF installation
Hi Guy,
Can you please share the output of below commands:
1. rpm -qa
2. lslpp -l | grep openssl
3. cat /opt/freeware/etc/dnf/dnf.conf
------------------------------
Lakshmi Surekha Kovvuri
Original Message:
Sent: Thu December 04, 2025 09:03 AM
From: Guy Harte
Subject: dnf update fails after AIX upgrade to AIX 7.3 and DNF installation
Hello,
After AIX migration to AIX 7.3 and dnf install, dnf update fails :
# /opt/freeware/bin/dnf update --allowerasing
AIX generic repository 0.0 B/s | 0 B 00:01
Traceback (most recent call last):
File "/opt/freeware/bin/dnf", line 59, in <module>
main.user_main(sys.argv[1:], exit_code=True)
File "/opt/freeware/lib/python3.12/site-packages/dnf/cli/main.py", line 208, in user_main
errcode = main(args)
^^^^^^^^^^
File "/opt/freeware/lib/python3.12/site-packages/dnf/cli/main.py", line 67, in main
return _main(base, args, cli_class, option_parser_class)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/freeware/lib/python3.12/site-packages/dnf/cli/main.py", line 106, in _main
return cli_run(cli, base)
^^^^^^^^^^^^^^^^^^
File "/opt/freeware/lib/python3.12/site-packages/dnf/cli/main.py", line 122, in cli_run
cli.run()
File "/opt/freeware/lib/python3.12/site-packages/dnf/cli/cli.py", line 1098, in run
self._process_demands()
File "/opt/freeware/lib/python3.12/site-packages/dnf/cli/cli.py", line 787, in _process_demands
self.base.fill_sack(
File "/opt/freeware/lib/python3.12/site-packages/dnf/base.py", line 413, in fill_sack
self._add_repo_to_sack(r)
File "/opt/freeware/lib/python3.12/site-packages/dnf/base.py", line 141, in _add_repo_to_sack
repo.load()
File "/opt/freeware/lib/python3.12/site-packages/dnf/repo.py", line 574, in load
ret = self._repo.load()
^^^^^^^^^^^^^^^^^
File "/opt/freeware/lib64/python3.12/site-packages/libdnf/repo.py", line 467, in load
return _repo.Repo_load(self)
^^^^^^^^^^^^^^^^^^^^^
libdnf._error.Error: Failed to download metadata for repo 'AIX_Toolbox': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
The delow dnf packages are installed :
# rpm -qa | grep dnf
libdnf-0.74.0-64_52.ppc
python3.12-libdnf-0.74.0-64_52.ppc
dnf-data-4.23.0-64_50.ppc
python3.12-dnf-4.23.0-64_50.ppc
python3-dnf-4.23.0-64_50.ppc
dnf-4.23.0-64_50.ppc
dnf-automatic-4.23.0-64_50.ppc
python3-libdnf-0.74.0-64_52.ppc
# rpm -qa | grep curl
curl-8.14.1-1.ppc
openssl not installed in the server.
Found this in the dnf log :
2025-12-04T16:07:45CET DEBUG repo: downloading from remote: AIX_Toolbox
2025-12-04T16:07:45CET DEBUG error: Curl error (60): SSL peer certificate or SSH remote key was not OK for anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml [SSL certificate problem: self-signed certificate in certificate chain] (https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml).
2025-12-04T16:07:45CET DEBUG error: Curl error (60): SSL peer certificate or SSH remote key was not OK for anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml [SSL certificate problem: self-signed certificate in certificate chain] (https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml).
2025-12-04T16:07:46CET DEBUG error: Curl error (60): SSL peer certificate or SSH remote key was not OK for anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml [SSL certificate problem: self-signed certificate in certificate chain] (https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml).
2025-12-04T16:07:46CET DEBUG error: Curl error (60): SSL peer certificate or SSH remote key was not OK for anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml">https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml [SSL certificate problem: self-signed certificate in certificate chain] (https://anonymous:anonymous@public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/repodata/repomd.xml).
2025-12-04T16:07:46CET DDEBUG Cleaning up.
2025-12-04T16:07:46CET DDEBUG Plugins were unloaded
Any idea?
Regards
Guy
------------------------------
Guy Harte
------------------------------