Bug 1497778
| Summary: | rhos-10 version of pyOpenSSL is partially broken (from OpenSSL import rand, crypto, SSL fails) | ||
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Sorin Sbarnea <ssbarnea> |
| Component: | pyOpenSSL | Assignee: | Steve Linabery <slinaber> |
| Status: | CLOSED ERRATA | QA Contact: | Shai Revivo <srevivo> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 10.0 (Newton) | CC: | apevec, jjoyce, jruzicka, jschluet, lruzicka, mburns, slinaber, srevivo, ssbarnea |
| Target Milestone: | z6 | Keywords: | Rebase, Triaged, ZStream |
| Target Release: | 10.0 (Newton) | ||
| Hardware: | All | ||
| OS: | All | ||
| Whiteboard: | |||
| Fixed In Version: | pyOpenSSL-16.2.0-3.el7ost | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-11-15 13:51:18 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Here is a confirmation (with lots for +1s) that assures that this problem was addressed on 16.2.x https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/293#issuecomment-266879303 https://github.com/redhat-openstack/rdoinfo/blob/master/deps.yml#L2720 Was promoted to newton release tag as part of this commit on September 19, 2017 https://github.com/redhat-openstack/rdoinfo/commit/b2964d4d5938928e29b9fe5778e909fc497768e0 from CBS Tue Sep 19 06:18:09 2017: pyOpenSSL-16.2.0-3.el7 tagged into cloud7-openstack-newton-candidate by amoralej Wed Sep 20 12:28:50 2017: pyOpenSSL-16.2.0-3.el7 untagged from cloud7-openstack-newton-candidate by hguemar Wed Sep 20 12:28:58 2017: pyOpenSSL-16.2.0-3.el7 tagged into cloud7-openstack-newton-candidate by hguemar Wed Sep 20 12:28:58 2017: pyOpenSSL-16.2.0-3.el7 tagged into cloud7-openstack-newton-testing by hguemar Sun Sep 24 11:43:43 2017: pyOpenSSL-16.2.0-3.el7 untagged from cloud7-openstack-newton-candidate by hguemar Sun Sep 24 11:43:43 2017: pyOpenSSL-16.2.0-3.el7 untagged from cloud7-openstack-newton-testing by hguemar Sun Sep 24 11:43:51 2017: pyOpenSSL-16.2.0-3.el7 tagged into cloud7-openstack-newton-candidate by hguemar [still active] Sun Sep 24 11:43:51 2017: pyOpenSSL-16.2.0-3.el7 tagged into cloud7-openstack-newton-testing by hguemar [still active] Sun Sep 24 11:43:52 2017: pyOpenSSL-16.2.0-3.el7 tagged into cloud7-openstack-newton-release by hguemar [still active] Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:3230 |
Description of problem: The version of pyOpenSSL that we ship is pyOpenSSL-0.15.1-1.el7ost.noarch which had a critical bug that breaks lots of tools. Mainly is missing the SSL export. This was already fixed in pyOpenSSL-16.2.0-3.el7ost version, version that we already packages for 11+ but didn't tag it for 10. This issue is quite problematic because is breaking Ansible yum module running on the remote host (the one with rhos 10 version of openssl). Actual results: "module_stdout": "Traceback (most recent call last):\r\n File \"/tmp/ansible_pQD8gd/ansible_module_yum.py\", line 272, in <module>\r\n from ansible.module_utils.urls import fetch_url\r\n File \"/tmp/ansible_pQD8gd/ansible_modlib.zip/ansible/module_utils/urls.py\", line 154, in <module>\r\n File \"/usr/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py\", line 46, in <module>\r\n import OpenSSL.SSL\r\n File \"/usr/lib/python2.7/site-packages/OpenSSL/__init__.py\", line 8, in <module>\r\n from OpenSSL import rand, crypto, SSL\r\n File \"/usr/lib/python2.7/site-packages/OpenSSL/SSL.py\", line 118, in <module>\r\n SSL_ST_INIT = _lib.SSL_ST_INIT\r\nAttributeError: 'module' object has no attribute 'SSL_ST_INIT'\r\n", Expected results: Success. Additional info: I tested the new version and it worked well.