Please visit http://www.pulpproject.org/ if you want some more information about the pulp (Juicy software repository management) project.
We were having trouble syncing multiple pulp repositories with redhat cdn, this was cause by the incorrect negotiation of SSL version:
+----------------------------------------------------------------------+
Synchronizing Repository [dummy]
+----------------------------------------------------------------------+
This command may be exited via ctrl+c without affecting the request.
Downloading metadata...
[\]
... failed
[Errno 8] _ssl.c:504: EOF occurred in violation of protocol
Here is some testcode to manually reproduce the error:
from os.path import abspath, dirname, join
import requests
import logging
logging.basicConfig(level=logging.DEBUG)
logger = logging.getLogger(__name__)
import ssl
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.poolmanager import PoolManager
class Ssl3HttpAdapter(HTTPAdapter):
""""Transport adapter" that allows us to use SSLv3."""
def init_poolmanager(self, connections, maxsize, block=False):
self.poolmanager = PoolManager(num_pools=connections,maxsize=maxsize,block=block,ssl_version=ssl.PROTOCOL_SSLv3)
BASEDIR=abspath(dirname(__file__))
rhn_url = "https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/cf-tools/1/os/repodata/repomd.xml"
cert = join(BASEDIR, "redhat-cert.pem")
cacert = join(BASEDIR, "redhat-ca.pem")
key = join(BASEDIR, "redhat-key.pem")
s = requests.session()
s.cert = (cert, key)
s.verify = cacert
s.mount('https://cdn.redhat.com',Ssl3HttpAdapter())
print s.get(rhn_url)
If we mount the Ssl3HttpAdapter to the requests session we can communicate with redhat cdn.
It took quite a while before this bug was reported and a patch was available:
SOLUTION: https://bugzilla.redhat.com/show_bug.cgi?id=1099243
References:
- http://lukasa.co.uk/2013/01/Choosing_SSL_Version_In_Requests/
- https://bugzilla.redhat.com/show_bug.cgi?id=1039471