| Summary: | Unencrypted client connections need an explicit set_verify_host in order to work | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Michele Baldessari <michele> |
| Component: | openwsman | Assignee: | Vitezslav Crhonek <vcrhonek> |
| Status: | CLOSED ERRATA | QA Contact: | Alois Mahdal <amahdal> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 7.3 | CC: | amahdal, fdinitto, ovasik, royoung |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | openwsman-2.3.6-14.el7 | Doc Type: | No Doc Update |
| Doc Text: |
undefined
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-08-01 19:28:44 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | |||
| Bug Blocks: | 1380364, 1393870, 1400961 | ||
With the following single upstream patch, things work as expected again
commit 37f4fc672f2b72debde9bb8b79e4073d40cd4cbc
Author: Klaus Kämpf <kkaempf>
Date: Thu Jul 11 09:39:11 2013 +0200
Fix curl_easy_setopt call for CURLOPT_SSL_VERIFYHOST, only values 2 or 0 are accepted
The dedicated test is now passing with openwsman-2.3.6-14.el7 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2126 |
Description of problem: Here is a small testcase connecting to AMT via HTTP 1) Not working #!/usr/bin/python import pywsman client = pywsman.Client('192.0.2.99', 16992, '/wsman', 'http', 'admin', 'foo') options = pywsman.ClientOptions() doc = client.identify(options) print(doc.root()) $ ./minimal.py Traceback (most recent call last): File "./minimal.py", line 8, in <module> print(doc.root()) AttributeError: 'NoneType' object has no attribute 'root' 2) Working #!/usr/bin/python import pywsman client = pywsman.Client('192.0.2.99', 16992, '/wsman', 'http', 'admin', 'foo') client.transport().set_verify_host(False) options = pywsman.ClientOptions() doc = client.identify(options) print(doc.root()) $ ./minimal.py http://schemas.dmtf.org/wbem/wsman/1/wsman.xsdIntel(r)AMT 8.11.0.0..... Version-Release number of selected component (if applicable): libwsman1-2.3.6-13.el7.x86_64 openwsman-python-2.3.6-13.el7.x86_64 Additional info: I raise this bug, only because this seems to be fixed in a later version. If I take rpms from here http://download.opensuse.org/repositories/Openwsman/CentOS_CentOS-7/x86_64/ and install the following: libwsman3-2.6.2-170.3 openwsman-python-2.6.2-170.3 wsmancli-2.6.0-56.13 I observe that the test works without needing the set_verify_host(False) call: $ more minimal.py #!/usr/bin/python import pywsman client = pywsman.Client('192.0.2.99', 16992, '/wsman', 'http', 'admin', 'foo') #client.transport().set_verify_host(False) options = pywsman.ClientOptions() doc = client.identify(options) print(doc.root()) [stack@undercloud ~]$ ./minimal.py http://schemas.dmtf.org/wbem/wsman/1/wsman.xsdIntel(r)AMT 8.11.0.0.... I will see which specific commit that fixes this, later on. I need this to get ironic working with AMT boxes