frank.hornung_at_stihl.de
Date: Thu Nov 03 2005 - 16:47:37 CET
Message-ID: <098DC734CC21D411B9EF0000F646424A063842D0@sv013338.de.stihl.net> From: frank.hornung@stihl.de Date: Thu, 3 Nov 2005 16:47:37 +0100 Subject: [suse-sles-e] Suse Portal Migration / shutdown of sdb.suse.de and sdb2.suse.de / failing updates using Yast online update
Hello,
i experience problem with the migration from suse-portal to novell portal.
Because the two servers sdb.suse.de and sdb2.suse.de will be shut down in
January next year i have to switch to the update-server
https://you.novell.com <https://you.novell.com> .
I followed the paper
http://support.novell.com/techcenter/articles/SLES_Updating.html
<http://support.novell.com/techcenter/articles/SLES_Updating.html> without
luck.
I tracked down the problem and found out that Yast (which uses curl) is not
able to authenticate with a MS-ISA proxy server when a https-site e.g.
https://you.novell.com <https://you.novell.com> is called (http works).
There is a bug in the curl-version which SLES 9 uses (curl-7.11.0-39.9)
which is described in curl-Bug: 1188280
(http://curl.haxx.se/mail/tracker-2005-05/0006.html
<http://curl.haxx.se/mail/tracker-2005-05/0006.html> ).
Because of that a updated curl-package (e.g curl 7.15) is needed from
Novell/Suse.
It is possible that updated yast packages are also needed.
Does anyone else encounter the same problem?
If this is not fixed soon, i (and any one else behind a MS-ISA proxy) will
not be able to download patches anymore.
Detailed Information to this problem is appended to the end of this mail.
Will someone at suse please address this issue?
Regards
Frank
Details:
the combination of yast-onlineupdate and curl do not work with a https-proxy
(e.g MS-ISA).
There seem to be two problems:
1.
curl has in SLES 9 Version curl-7.11.0-39.9 a bug in the
proxy-authentification code curl-Bug: 1188280
(http://curl.haxx.se/mail/tracker-2005-05/0006.html
<http://curl.haxx.se/mail/tracker-2005-05/0006.html> ) This problem seems
fixed in actual stable version of curl: curl-7.15.0.
(I verified this on the command line. First i started SLES9-curl and got a
message from the proxy, that authentification is required. Second i started
the actual version of curl 7.15.0 with the same commandline and there were
no errors from the proxy)
2. Yast-Onlineupdate seems to call curl wrong in case a https site is
called. Because no proxy-authentification credentials are used. (Even if i
link the new curl-version so that yast uses it).
Steps to reproduce the problem:
1. Install SLES 9 SP2 + all patches available
2. Install https-enablement patch from novell/suse
3. Setup ISA-Proxy-Server and configure Proxy in Yast Proxy-Module
4. Try to use online-update using the ISA Proxy-Server, select
https://you.novell.com/update <https://you.novell.com/update> as
Download-Target.
5. You will get error message something like:
HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires
authorization to fulfill the request. Access to the Web Proxy service is
denied. )..
6. You will see in tcpdump/ethereal that no proxy-authorization string has
been sent from yast/curl
7. Try launching curl on the command line
curl --anyauth -U proxy-user:password https://you.novell.com/update
<https://you.novell.com/update>
which fails with the same error ( and the same behaviour when sniffed with
ethereal)
8. Compile actual stable-version of curl (e.g 7.15)
Try the same commandline which now works
9. Remove the curl-libaries and replace them with the new compiled ones
(which of course is a dirty hack).
10. Start yast-onlineupdate and see, that yast still doesnt supply
proxy-authentification infos to curl
environment variables for http_proxy, https_proxy have been set with yast2
proxy module
Trace of a failing connect from YOU to https://you.novell.com
<https://you.novell.com> :
----------------------------------------------------------------------------
--- Request: ..CONNEC T you.novell.com :443 HTTP/1.0... . Response: HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to t he Web Proxy service is denied. ).. Via:1.1 servername.. Trace of a working connect from YOU to http://sdb2.suse.de <http://sdb2.suse.de> : ---------------------------------------------------------------------------- --- Request: GET http://sdb2.suse.de/download/i386/update/SUSE-CORE/9/patches/directory.3 <http://sdb2.suse.de/download/i386/update/SUSE-CORE/9/patches/directory.3> HTTP/1.1. . Proxy-authorization: "Authentification Data" Authorization: "Authentification Data" Host: sdb2.suse.de.. Response: ..HTTP/1 .1 200 OK.. Dieses E-Mail ist vertraulich. Wenn Sie nicht der rechtmaessige Empfaenger sind, duerfen Sie den Inhalt weder kopieren, verbreiten oder benutzen. Sollten Sie dieses E-Mail versehentlich erhalten haben, senden Sie es bitte an uns zurueck und loeschen es anschliessend. This E-Mail is confidential. If you are not the intended recipient, you must not copy, disclose or use its contents. If you have received it in error, please inform us immediately by return E-Mail and delete the document. Esta mensagem, e qualquer de seus anexos, eh confidencial e privilegiada. Caso voce nao seja o destinatario, nao esta autorizado a reproduzir ou divulgar a terceiros o conteudo desta mensagem e de qualquer anexo da mesma e deve apagar com os seus respectivos anexos. --------------------------------------------------------------------- To unsubscribe, e-mail: suse-sles-e-unsubscribe@suse.com For additional commands, e-mail: suse-sles-e-help@suse.com
This archive was generated by hypermail 2.1.7 : Thu Nov 03 2005 - 16:47:55 CET