Page 1 of 1

Getting 'problem making ssl connection' trying to update yum for EPEL

Posted: 2019/05/13 17:12:11
by ttblum
Hello,

When I try to update yum I'm getting 'problem making ssl connection' for the EPEL and Extras repos:

Code: Select all

$ yum repolist
Loaded plugins: fastestmirror, security
Setting up Install Process
Loading mirror speeds from cached hostfile
Could not get metalink https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=x86_64 error was
14: problem making ssl connection
 * epel: mirrors.develooper.com
 * extras: repos.lax.quadranet.com
 ...
I changed /etc/yum.repos.d/epel.repo to use the base repos instead of using mirrors:

Code: Select all

/etc/yum.repos.d/epel.repo

[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
That does work:

Code: Select all

Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
 * base: mirror.sfo12.us.leaseweb.net
 * extras: centos.sonn.com
 * updates: mirror.scalabledns.com
https://download.fedoraproject.org/pub/epel/6/x86_64/repodata/repomd.xml: [Errno 14] problem making ssl connection
Trying other mirror.
repo id                                                                                     repo name                                                                                                       status
base                                                                                        CentOS-6 - Base                                                                                                  6,713
epel                                                                                        Extra Packages for Enterprise Linux 6 - x86_64                                                                  12,527
extras                                                                                      CentOS-6 - Extras                                                                                                   46
mysql-connectors-community                                                                  MySQL Connectors Community                                                                                          94
mysql-tools-community                                                                       MySQL Tools Community                                                                                               78
mysql56-community                                                                           MySQL 5.6 Community Server                                                                                         512
updates                                                                                     CentOS-6 - Updates                                                                                                 438
repolist: 20,678
However, the URL starts with 'http' (http://download.fedoraproject.org/pub/epel/6/$basearch), so I'm concerned that certificates might not be verified or traffic might not be encrypted.

Does 'baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch' mean that it's going over http?

Re: Getting 'problem making ssl connection' trying to update yum for EPEL

Posted: 2019/05/13 17:21:43
by TrevorH
What's the output from uname -a (please only obscure the hostname portion if you must obscure anything at all) and from rpm -q openssl

Re: Getting 'problem making ssl connection' trying to update yum for EPEL

Posted: 2019/05/13 18:08:11
by avij
Your CentOS is too old to use https URLs from fedoraproject.org. You can work around this by updating your CentOS first; yum update --disablerepo=epel\*

After this is done, yum update should be able to update the EPEL packages you have installed.

Re: Getting 'problem making ssl connection' trying to update yum for EPEL

Posted: 2019/05/13 20:10:52
by ttblum
Hello,

Does this mean that downloading packages over https is no longer supported on CentoOS 6.x?

If I set 'baseurl=https://download.fedoraproject.org/pub/epel/6/$basearch' in /etc/yum.repos.d/epel.repo I am able to install my packages OK without any errors.

This works:

Code: Select all

/etc/yum.repos.d/epel.repo

[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
baseurl=https://download.fedoraproject.org/pub/epel/6/$basearch
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
Does this mean it's using https?

Code: Select all

$ uname -a
Linux xxxx.yyy.zzz 2.6.32-573.12.1.el6.x86_64 #1 SMP Tue Dec 15 21:19:08 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

Code: Select all

$ rpm -q openssl
openssl-1.0.1e-42.el6_7.2.x86_64
I realize Centos 6.x is going to be discontinued in November, but I was hoping to be able to download packages over https for another few months.

Re: Getting 'problem making ssl connection' trying to update yum for EPEL

Posted: 2019/05/13 20:32:18
by TrevorH
Yes, the point is that you haven't run yum update in such a long time that your system is no longer able ot make SSL connections in a secure manner. You need to run yum --disablerepo=\* --enablerepo=base,updates update to get your CentOS itself up to date (currently you are on 6.7 from 2015 and thus missing 4 *years* of security updates and enhancements.

Once that's done and you've rebooted into the new kernel and all the new libraries that were updated, you stand a better chance of it working.

Re: Getting 'problem making ssl connection' trying to update yum for EPEL

Posted: 2019/05/14 16:15:47
by ttblum
Thanks, after updating to CentOS 6.10 I can use all repos (including EPEL) without any errors.