1215627 – Repositories refer to http:// instead to https:// libcurl not accepting

Bug 1215627 - Repositories refer to http:// instead to https:// libcurl not accepting

Summary: Repositories refer to http:// instead to https:// libcurl not accepting

Status:	RESOLVED DUPLICATE of bug 1207567

Alias:	None

Product:	openSUSE Tumbleweed
Classification:	openSUSE
Component:	libzypp (show other bugs)
Version:	Current
Hardware:	x86-64 openSUSE Tumbleweed

Priority:	P5 - None Severity: Normal (vote)
Target Milestone:	---
Assignee:	E-mail List
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2023-09-23 07:06 UTC by Hugo Oosterkamp
Modified:	2023-09-23 09:29 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Hugo Oosterkamp 2023-09-23 07:06:38 UTC

Good morning,

I have manually changed the standard opensuse tumbleweed repositories from http to https, this works.
When enabling the codecs repository, then there is a redirect to an http site, which is rejected by libcurl 

Cut and paste from terminal:

Retrieving: libopenh264-7-2.3.1-2.suse1699.30.x86_64.rpm ..................................................................................................................[error]
Download (curl) error for 'https://codecs.opensuse.org/openh264/openSUSE_Tumbleweed/x86_64/libopenh264-7-2.3.1-2.suse1699.30.x86_64.rpm':
Error code:  Unsupported protocol or redirect (location: http://ciscobinary.openh264.org/libopenh264-7-2.3.1-2.suse1699.30.x86_64.rpm)
Error message: Redirect to protocol "http" not supported or disabled in libcurl

Hugo

Comment 1 Andreas Stieger 2023-09-23 08:14:33 UTC

HTTPS downgrade “support“ is a bad idea, so recommend that this is not manually changed in this way

*** This bug has been marked as a duplicate of bug 1207567 ***

Comment 2 Hugo Oosterkamp 2023-09-23 08:39:33 UTC

On a clean installation of OpenSue Tumbleweed (not an upgrade) the repositories are set up by default in the system as http://

In order to use "sudo zypper ref" I first have to upgrade manually all the repositories from http:// to https://

Once the "s" has been added, it is possible to do a "sudo zypper ref" followed by a "sudo zypper dup"

Then it works like charm. Except when the codec repository is enabled, that probably has to do with a redirect to a http:// site.

Comment 3 Andreas Stieger 2023-09-23 08:48:24 UTC

Why do you think you "have" to make this change?
What seems to be failing if you have it?

Using https over http offers no additional integrity or authenticity compared to package and repository metadata signing.

Comment 4 Hugo Oosterkamp 2023-09-23 09:29:04 UTC

Otherwise the system would not preform an upgrade, either using yast or zypper. Maybe there is a restriction on libcurl not allowing unsecure sites.

In previous editions (prior 2022) of the 4.5GiB iso file the repositories would show up as https://  



I have reset the url to the original http version and now the issue has been resolved. Also reset the other urls to http versions and was able to install a piece of software. No problem either.

If it pops up again, I will report it under "installation"