Bug 1487296

Summary: Old version of python-backports-ssl_match_hostname being shipped
Product: [Community] RDO Reporter: Mohammed Naser <mnaser>
Component: distributionAssignee: Haïkel Guémar <karlthered>
Status: CLOSED CURRENTRELEASE QA Contact: Shai Revivo <srevivo>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: trunkCC: amoralej, karlthered, markmc, srevivo
Target Milestone: ---   
Target Release: trunk   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-07-30 10:56:56 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mohammed Naser 2017-08-31 14:55:11 UTC 
Description of problem:
At the moment, the version of `python-backports-ssl_match_hostname` which is being shipped is 3.4.0 which is missing a patch which is needed to validate IPs in SSL certificates.  This causes endless warnings and tracebacks in the OpenStack Magnum logs.

Version-Release number of selected component (if applicable):
python-backports-ssl_match_hostname 3.4.0
magnum is affected

How reproducible:
You need to have OpenStack Magnum deployed and then deploy a K8S cluster using it.  It will show tracebacks in the logs every few seconds due to failed SSL verification (because it tries to contact the server by the IP and 3.4.0 doesn't support that).

Steps to Reproduce:
1. Deploy Magnum
2. Deploy cluster
3. View logs

Actual results:
Stats fail to get collected

Expected results:
Stats should be collected without tracebacks

Additional info:
The specific patch which solves the problem in 3.5.0
https://bitbucket.org/brandon/backports.ssl_match_hostname/diff/backports/ssl_match_hostname/__init__.py?diff2=a8ef5d616d92&at=default
Comment 1 Haïkel Guémar 2017-08-31 14:57:11 UTC 
Scratch build passed: http://cbs.centos.org/koji/taskinfo?taskID=217826

It's a compatibility backport from python3 stdlib, and API is stable, so I'm personally fine with pushing it as there's no update planned in EL7.
Comment 2 Alfredo Moralejo 2020-07-30 10:56:56 UTC 
RDO ships python-backports-ssl_match_hostname-3.5.0.1-1.el7 since queens.

Closing this bz as currentrelease