Bug 1038004

Summary: Document recent ssl support changes - hostname and server certificate validation
Product: Red Hat Enterprise MRG Reporter: Petr Matousek <pematous>
Component: Messaging_Installation_and_Configuration_GuideAssignee: Jared MORGAN <jmorgan>
Status: CLOSED CURRENTRELEASE QA Contact: Petr Matousek <pematous>
Severity: high Docs Contact:
Priority: unspecified    
Version: DevelopmentCC: esammons, jross, mmurray
Target Milestone: 3.0   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 965441 Environment:
Last Closed: 2015-01-22 15:27:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 965441    
Bug Blocks: 885167, 885173    

Comment 1 Petr Matousek 2013-12-04 09:20:22 UTC 
This content is also valid for mrg-m-3.0.0 and shall be incorporated to the 3.0 MCIG.
Comment 2 Joshua Wulf 2014-04-01 20:24:39 UTC 
Change also applied in MRG 3:

http://deathstar1.usersys.redhat.com:3000/builds/18173-Messaging_Installation_and_Configuration_Guide/index.html#Configure_SASL_using_a_Local_Password_File
Comment 3 Petr Matousek 2014-05-05 11:38:56 UTC 
(In reply to Joshua Wulf from comment #2)
> Change also applied in MRG 3:
> 
> http://deathstar1.usersys.redhat.com:3000/builds/18173-
> Messaging_Installation_and_Configuration_Guide/index.
> html#Configure_SASL_using_a_Local_Password_File

The above mentioned chapter is not related to the bug description. These bug is related to SSL python client setup. I would expect a new chapter "Enable SSL in Python Clients" (like in MCIG for MRG 2.x). The description is still missing in the 3.x documentation.

-> ASSIGNED
Comment 4 Joshua Wulf 2014-05-06 01:29:47 UTC 
Sorry, my bad - that was the wrong link!

Try this one: http://deathstar1.usersys.redhat.com:3000/builds/18173-Messaging_Installation_and_Configuration_Guide/index.html#Enable_SSL_in_Python_Clients1
Comment 5 Petr Matousek 2014-05-06 11:27:57 UTC 
The content looks good now, only one issue here:

As mentioned in the bug description above (point 2.), the following sentence is no longer valid:
"Server authentication is not supported."

I'd suggest the following change:

<<<
"The Python client has some limitations in SSL functionality.

Server authentication is not supported. Python clients support authentication with SSL, with some caveats:

The Python clients ..."

>>>
"The Python client has some limitations in SSL functionality:

Server authentication must be demanded, client name must be explicitly provided when using EXTERNAL SASL mechanism for authentication.

The Python clients ..."
Comment 6 Joshua Wulf 2014-05-15 07:07:57 UTC 
Thanks!

Updated: http://deathstar1.usersys.redhat.com:3000/builds/18173-Messaging_Installation_and_Configuration_Guide/index.html#Enable_SSL_in_Python_Clients1
Comment 7 Petr Matousek 2014-05-15 08:15:39 UTC 
Thakns for the update. Content approved.

-> VERIFIED