Getting 'problem making ssl connection' trying to update yum for EPEL

General support questions
Post Reply
ttblum
Posts: 3
Joined: 2019/05/13 16:20:44

Getting 'problem making ssl connection' trying to update yum for EPEL

Post by ttblum » 2019/05/13 17:12:11

Hello,

When I try to update yum I'm getting 'problem making ssl connection' for the EPEL and Extras repos:

Code: Select all

$ yum repolist
Loaded plugins: fastestmirror, security
Setting up Install Process
Loading mirror speeds from cached hostfile
Could not get metalink https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=x86_64 error was
14: problem making ssl connection
 * epel: mirrors.develooper.com
 * extras: repos.lax.quadranet.com
 ...
I changed /etc/yum.repos.d/epel.repo to use the base repos instead of using mirrors:

Code: Select all

/etc/yum.repos.d/epel.repo

[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
That does work:

Code: Select all

Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
 * base: mirror.sfo12.us.leaseweb.net
 * extras: centos.sonn.com
 * updates: mirror.scalabledns.com
https://download.fedoraproject.org/pub/epel/6/x86_64/repodata/repomd.xml: [Errno 14] problem making ssl connection
Trying other mirror.
repo id                                                                                     repo name                                                                                                       status
base                                                                                        CentOS-6 - Base                                                                                                  6,713
epel                                                                                        Extra Packages for Enterprise Linux 6 - x86_64                                                                  12,527
extras                                                                                      CentOS-6 - Extras                                                                                                   46
mysql-connectors-community                                                                  MySQL Connectors Community                                                                                          94
mysql-tools-community                                                                       MySQL Tools Community                                                                                               78
mysql56-community                                                                           MySQL 5.6 Community Server                                                                                         512
updates                                                                                     CentOS-6 - Updates                                                                                                 438
repolist: 20,678
However, the URL starts with 'http' (http://download.fedoraproject.org/pub/epel/6/$basearch), so I'm concerned that certificates might not be verified or traffic might not be encrypted.

Does 'baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch' mean that it's going over http?

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Getting 'problem making ssl connection' trying to update yum for EPEL

Post by TrevorH » 2019/05/13 17:21:43

What's the output from uname -a (please only obscure the hostname portion if you must obscure anything at all) and from rpm -q openssl
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

User avatar
avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: Getting 'problem making ssl connection' trying to update yum for EPEL

Post by avij » 2019/05/13 18:08:11

Your CentOS is too old to use https URLs from fedoraproject.org. You can work around this by updating your CentOS first; yum update --disablerepo=epel\*

After this is done, yum update should be able to update the EPEL packages you have installed.

ttblum
Posts: 3
Joined: 2019/05/13 16:20:44

Re: Getting 'problem making ssl connection' trying to update yum for EPEL

Post by ttblum » 2019/05/13 20:10:52

Hello,

Does this mean that downloading packages over https is no longer supported on CentoOS 6.x?

If I set 'baseurl=https://download.fedoraproject.org/pub/epel/6/$basearch' in /etc/yum.repos.d/epel.repo I am able to install my packages OK without any errors.

This works:

Code: Select all

/etc/yum.repos.d/epel.repo

[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
baseurl=https://download.fedoraproject.org/pub/epel/6/$basearch
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
Does this mean it's using https?

Code: Select all

$ uname -a
Linux xxxx.yyy.zzz 2.6.32-573.12.1.el6.x86_64 #1 SMP Tue Dec 15 21:19:08 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

Code: Select all

$ rpm -q openssl
openssl-1.0.1e-42.el6_7.2.x86_64
I realize Centos 6.x is going to be discontinued in November, but I was hoping to be able to download packages over https for another few months.
Last edited by ttblum on 2019/05/13 20:36:12, edited 1 time in total.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Getting 'problem making ssl connection' trying to update yum for EPEL

Post by TrevorH » 2019/05/13 20:32:18

Yes, the point is that you haven't run yum update in such a long time that your system is no longer able ot make SSL connections in a secure manner. You need to run yum --disablerepo=\* --enablerepo=base,updates update to get your CentOS itself up to date (currently you are on 6.7 from 2015 and thus missing 4 *years* of security updates and enhancements.

Once that's done and you've rebooted into the new kernel and all the new libraries that were updated, you stand a better chance of it working.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

ttblum
Posts: 3
Joined: 2019/05/13 16:20:44

Re: Getting 'problem making ssl connection' trying to update yum for EPEL

Post by ttblum » 2019/05/14 16:15:47

Thanks, after updating to CentOS 6.10 I can use all repos (including EPEL) without any errors.

Post Reply