AIX Open Source

 View Only
  • 1.  dnf issues with SSL after AIX 7.3 Update

    Posted Tue July 02, 2024 05:15 AM

    Hi all
    Since we have updated AIX from 7300-01-01-2246 to 7300-02-01-2346 we experience problems with some ssl stuff. 

    see here:
    # dnf update
    AIX generic repository                                                                                                                                              0.0  B/s |   0  B     00:00
    Errors during downloading metadata for repository 'AIX_Toolbox':
      - Curl error (35): SSL connect error for https://pluto/RPMS/AIX_Toolbox/repodata/repomd.xml [OpenSSL/1.1.1v: error:1408F10B:SSL routines:ssl3_get_record:wrong version number]
    Error: Failed to download metadata for repo 'AIX_Toolbox': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
    AIX generic repository noarch RPMs     

    ===========
    The rpm.rte Versions are:
    7300-01-01-2246  -> rpm.rte                4.15.1.2006
    7300-02-01-2346  .> rpm.rte                4.18.1.2001

    OpenSSL Versions:

    7300-01-01-2246 -> openssl.base             3.0.5.101
    7300-02-01-2346 -> openssl.base           3.0.10.1002

    Any help is welcome, br Lukas 



    ------------------------------
    Lukas Schmid
    ------------------------------


  • 2.  RE: dnf issues with SSL after AIX 7.3 Update

    Posted Wed July 03, 2024 02:05 AM

     Try running "openssl s_client -connect pluto:443 " . If it fails with the same error, then there is some problem with the https service running at pluto. 



    ------------------------------
    Ayappan P
    ------------------------------



  • 3.  RE: dnf issues with SSL after AIX 7.3 Update

    IBM Champion
    Posted Wed July 03, 2024 02:19 AM

    Hi,

    If the test Ayppan suggested fails, then there problem is somehow on your satellite (Pluto) side; 

    But if it works, then U might want to either update virtual package definitions on the AIX side (run /usr/sbin/updtvpkg cmd) , or if possible, update to latest 7.3 SP (7300-02-02-2420)

    Br,

    tommi



    ------------------------------
    Tommi Sihvo, Lead Service Architect
    Tietoevry Tech Services
    email tommi.sihvo@tietoevry.com mobile +358 (0)40 5180 Finland
    ------------------------------



  • 4.  RE: dnf issues with SSL after AIX 7.3 Update

    Posted Wed July 03, 2024 04:24 AM

    Hi,
    Found the problem in the Apache configuration.
    The httpd-vhosts.conf contained the wrong port!
    As per default httpd is using httpd-ssl.conf the configuration for virtual hosts cannot be :443, must be 80!
    Thanks to Ayappan, cheers Lukas 



    ------------------------------
    Lukas Schmid
    ------------------------------