> Hello--sorry it took so long to respond. And I apologize for the length of > this email. > > Yes, the curl command returns an xml file. I included an excerpt from the > output: > > "About to connect() to download.copr.fedorainfracloud.org port 443 (#0) > * Trying 13.32.153.64... > * Connected to download.copr.fedorainfracloud.org (13.32.153.64) port 443 (#0) > * Initializing NSS with certpath: sql:/etc/pki/nssdb > * skipping SSL peer certificate verification > * SSL connection using TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 > * Server certificate: > * subject: CN=download.copr.fedorainfracloud.org > * start date: Nov 30 00:00:00 2021 GMT > * expire date: May 11 19:03:32 2022 GMT > * common name: download.copr.fedorainfracloud.org > * issuer: CN=DoD WCF Signing CA 2,OU=WCF PKI,OU=DoD,O=U.S. > Government,C=US
This really looks like on-path TLS interception to me - note the certificate issuer in your output. This is certainly not the TLS certificate I see for 13.32.153.64 from my vantage point (also note the different cipher suite chosen, despite the same, stock RHEL 7 curl version being used): * About to connect() to download.copr.fedorainfracloud.org port 443 (#0) * Trying 13.32.153.64... * Connected to download.copr.fedorainfracloud.org (13.32.153.64) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * skipping SSL peer certificate verification * SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 * Server certificate: * subject: CN=download.copr.fedorainfracloud.org * start date: Nov 30 00:00:00 2021 GMT * expire date: Dec 28 23:59:59 2022 GMT * common name: download.copr.fedorainfracloud.org * issuer: CN=Amazon,OU=Server CA 1B,O=Amazon,C=US Given this, I am pretty certain that whatever transparent proxy intercepts the HTTPS requests which yum sends from your host does not like *something* about them and returns HTTP 503 Service Unavailable errors. I am afraid you will have to figure out what that "something" is yourself, though, because it looks like an environment-specific issue to me at this point and not a problem with Copr itself. Good luck! -- Best regards, Michał Kępień -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users