Bug #8436
Updated by François ARMAND over 8 years ago
_**_On On some old OS (for example: SUSE Linux Enterprise Server 11 (x86_64), VERSION = 11, PATCHLEVEL = 3, OpenSSL 0.9.8j-fips 07 Jan 2009), when the node try to get the server uuid, we get an error: <pre> curl -L -k -1 -s -f --proxy '' https://xxx.xxx.xxx.xxx/uuid : an error occured, returned 51 </pre> The error message means: "The remote server's SSL certificate or SSH md5 fingerprint was deemed not OK." The same command, without the -1 option (meaning: force use TLS), works on these OS. A workaround is to update openssl. An other workaround is to remove the -1 from the command line in the different files it appears: - on a policy server: <pre> sed -i "s/-k -1/-k/" /var/rudder/configuration-repository/techniques/system/inventory/1.0/fusionAgent.st sed -i "s/-k -1/-k/" /var/rudder/configuration-repository/techniques/system/distributePolicy/1.0/propagatePromises.st sed -i "s/-k -1/-k/" /opt/rudder/share/initial-promises/inventory/1.0/fusionAgent.cf </pre> - on a node: <pre> sed -i "s/-k -1/-k/" /opt/rudder/share/initial-promises/inventory/1.0/fusionAgent.cf sed -i "s/-k -1/-k/" /var/rudder/cfengine-community/inputs/inventory/1.0/fusionAgent.cf </pre>