Cannot enter sslbase parameter

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Cannot enter sslbase parameter

ralmond

I'm running Bugzilla 4.4.13 under RHEL 7 (yes, I'm deliberately using the
older version as I don't want to deal with the fact that RHEL uses an out of
date perl stack).

I think I've got everything set up correctly, and I can access the site from
https://pluto.coe.fsu.edu/bugzilla/.  However, when I submit the page, I
get:

    The new value for sslbase is invalid: Failed to connect to
pluto.coe.fsu.edu:443; unable to enable SSL.

I certainly can connect to that URL through my web browser, so something
else is not right.  I'm not seeing any error messages in
/var/log/httpd/ssl_error_log.

Here is my bugzilla.conf (from /etc/httpd/conf.d):

Alias /bugzilla "/www1/www/html/bugzilla/"
<Directory /www1/www/html/bugzilla>
AddHandler cgi-script .cgi
Options +Indexes +ExecCGI +FollowSymLinks
DirectoryIndex index.cgi
AllowOverride Limit FileInfo Indexes AuthConfig Options
</Directory>


It is possible I'm missing some perl component, but I don't know what to
check for there.  Is there anything else I should be doing to debug this?





--
Sent from: http://mozilla.6506.n7.nabble.com/Bugzilla-Users-f55892.html
_______________________________________________
support-bugzilla mailing list
[hidden email]
https://lists.mozilla.org/listinfo/support-bugzilla
PLEASE put [hidden email] in the To: field when you reply.
Reply | Threaded
Open this post in threaded view
|

Re: Cannot enter sslbase parameter

ralmond
On Tuesday, July 31, 2018 at 2:27:48 AM UTC-4, Thorsten Schöning wrote:

> Guten Tag ralmond,
> am Dienstag, 31. Juli 2018 um 00:38 schrieben Sie:
>
> >     The new value for sslbase is invalid: Failed to connect to
> > pluto.coe.fsu.edu:443; unable to enable SSL.
>
> Newer versions of Bugzilla would provide the actual error message in
> Bugzilla::Common::check_sslbase:
>
> >        my $sin = sockaddr_in($port, $iaddr);
> >        if (!connect(SOCK, $sin)) {
> >            return "Failed to connect to $host:$port ($!); unable to enable SSL";
> >        }
>
> So at least temporarily change the error message and try again. I
> guess you are most likely missing opessl-related packages Perl relies
> on or have some problem in your network setup, like outgoing firewall
> rules, wrong routing or such. Keep in mind that you are accessing your
> Bugzilla from the public using a browser, but the Perl check is issued
> locally on the server using the public host name, so it needs to be
> able to resolve that host name and access it like you are doing.
>
> Mit freundlichen Grüßen,
>
> Thorsten Schöning
>
>

The magic command for debugging seems to be
tail /var/log/messages

Turns out it is an SElinux problem (httpd didn't have permission to access the web).
That could be fixed with:

## Allow bugzilla to send http messages
setsebool -P httpd_can_network_connect 1
setsebool -P nis_enabled 1

BTW, I also needed to run:
## Set permissions so these can be accessed by httpd
chcon -R --type=httpd_sys_content_t .
chcon --type=httpd_sys_script_exec_t *.cgi
chcon -R --type=httpd_sys_rw_content_t data

to make sure httpd could properly access the files.
_______________________________________________
support-bugzilla mailing list
[hidden email]
https://lists.mozilla.org/listinfo/support-bugzilla
PLEASE put [hidden email] in the To: field when you reply.