Bug 2088303

Summary: Webhook raises "certificate verify failed" error even the target host is trusted by the system SSL CA bundle
Product: Red Hat Satellite Reporter: Hao Chang Yu <hyu>
Component: Hooks and WebhooksAssignee: Oleh Fedorenko <ofedoren>
Status: CLOSED ERRATA QA Contact: Griffin Sullivan <gsulliva>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.10.5CC: ahumbe, mhulan, ofedoren, pcreech, zhunting
Target Milestone: 6.12.0Keywords: Patch, Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: foreman_webhooks-3.0.4 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-11-16 13:33:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Hao Chang Yu 2022-05-19 07:17:40 UTC 
Description of problem:
If "X509 Certification Authorities" is not set, Webhook will use empty certificate store to verify the target host which will cause the "certificate verify failed" error even the target host is trusted by the system SSL CA bundle. 


/var/log/foreman/production.log
---------------------------------------------
2022-05-19T16:20:49 [I|app|176de3f1] Performing 'hao_test_hook_2' webhook request for event 'actions.remote_execution.run_host_job_succeeded.event.foreman'
2022-05-19T16:20:49 [W|app|176de3f1] Could not parse HTTP headers JSON, ignoring: no implicit conversion of nil into String
2022-05-19T16:20:50 [W|app|176de3f1] Failed to execute the webhook hao_test_hook -> actions.remote_execution.run_host_job_succeeded.event.foreman
2022-05-19T16:20:50 [I|app|176de3f1] Backtrace for 'Failed to execute the webhook hao_test_hook -> actions.remote_execution.run_host_job_succeeded.event.foreman' error (OpenSSL::SSL::SSLError): SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)
 176de3f1 | /opt/rh/rh-ruby27/root/usr/share/ruby/net/protocol.rb:44:in `connect_nonblock'
 176de3f1 | /opt/rh/rh-ruby27/root/usr/share/ruby/net/protocol.rb:44:in `ssl_socket_connect'
 176de3f1 | /opt/rh/rh-ruby27/root/usr/share/ruby/net/http.rb:1009:in `connect'
 176de3f1 | /opt/rh/rh-ruby27/root/usr/share/ruby/net/http.rb:943:in `do_start'
 176de3f1 | /opt/rh/rh-ruby27/root/usr/share/ruby/net/http.rb:932:in `start'
 176de3f1 | /opt/rh/rh-ruby27/root/usr/share/ruby/net/http.rb:1483:in `request'
 176de3f1 | /usr/share/foreman/lib/foreman/http_proxy/net_http_extension.rb:12:in `request'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman_webhooks-2.0.1/app/services/foreman_webhooks/webhook_service.rb:123:in `request'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman_webhooks-2.0.1/app/services/foreman_webhooks/webhook_service.rb:54:in `execute'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman_webhooks-2.0.1/app/jobs/foreman_webhooks/deliver_webhook_job.rb:15:in `perform'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activejob-6.0.3.7/lib/active_job/execution.rb:40:in `block in perform_now'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/callbacks.rb:112:in `block in run_callbacks'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/i18n-1.8.2/lib/i18n.rb:313:in `with_locale'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activejob-6.0.3.7/lib/active_job/translation.rb:9:in `block (2 levels) in <module:Translation>'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/callbacks.rb:121:in `instance_exec'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/callbacks.rb:121:in `block in run_callbacks'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/core_ext/time/zones.rb:66:in `use_zone'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activejob-6.0.3.7/lib/active_job/timezones.rb:9:in `block (2 levels) in <module:Timezones>'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/callbacks.rb:121:in `instance_exec'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/callbacks.rb:121:in `block in run_callbacks'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activejob-6.0.3.7/lib/active_job/logging.rb:25:in `block (4 levels) in <module:Logging>'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/notifications.rb:180:in `block in instrument'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/notifications/instrumenter.rb:24:in `instrument'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/notifications.rb:180:in `instrument'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activejob-6.0.3.7/lib/active_job/logging.rb:24:in `block (3 levels) in <module:Logging>'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activejob-6.0.3.7/lib/active_job/logging.rb:47:in `tag_logger'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activejob-6.0.3.7/lib/active_job/logging.rb:21:in `block (2 levels) in <module:Logging>'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/callbacks.rb:121:in `instance_exec'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/callbacks.rb:121:in `block in run_callbacks'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/callbacks.rb:139:in `run_callbacks'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activejob-6.0.3.7/lib/active_job/execution.rb:39:in `perform_now'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activejob-6.0.3.7/lib/active_job/execution.rb:25:in `block in execute'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/callbacks.rb:112:in `block in run_callbacks'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activejob-6.0.3.7/lib/active_job/railtie.rb:43:in `block (4 levels) in <class:Railtie>'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/execution_wrapper.rb:88:in `wrap'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/reloader.rb:72:in `block in wrap'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/execution_wrapper.rb:88:in `wrap'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/reloader.rb:71:in `wrap'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activejob-6.0.3.7/lib/active_job/railtie.rb:42:in `block (3 levels) in <class:Railtie>'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/callbacks.rb:121:in `instance_exec'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/callbacks.rb:121:in `block in run_callbacks'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/callbacks.rb:139:in `run_callbacks'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activejob-6.0.3.7/lib/active_job/execution.rb:23:in `execute'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/active_job/queue_adapter.rb:47:in `run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/action.rb:572:in `block (3 levels) in execute_run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/stack.rb:27:in `pass'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware.rb:19:in `pass'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/action/progress.rb:31:in `with_progress_calculation'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/action/progress.rb:17:in `run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/stack.rb:23:in `call'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/stack.rb:27:in `pass'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware.rb:19:in `pass'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-4.1.5/app/lib/actions/middleware/load_setting_values.rb:20:in `run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/stack.rb:23:in `call'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/stack.rb:27:in `pass'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware.rb:19:in `pass'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-4.1.5/app/lib/actions/middleware/keep_current_request_id.rb:15:in `block in run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-4.1.5/app/lib/actions/middleware/keep_current_request_id.rb:52:in `restore_current_request_id'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-4.1.5/app/lib/actions/middleware/keep_current_request_id.rb:15:in `run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/stack.rb:23:in `call'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/stack.rb:27:in `pass'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware.rb:19:in `pass'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-4.1.5/app/lib/actions/middleware/keep_current_timezone.rb:15:in `block in run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-4.1.5/app/lib/actions/middleware/keep_current_timezone.rb:44:in `restore_curent_timezone'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-4.1.5/app/lib/actions/middleware/keep_current_timezone.rb:15:in `run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/stack.rb:23:in `call'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/stack.rb:27:in `pass'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware.rb:19:in `pass'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-4.1.5/app/lib/actions/middleware/keep_current_taxonomies.rb:15:in `block in run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-4.1.5/app/lib/actions/middleware/keep_current_taxonomies.rb:45:in `restore_current_taxonomies'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-4.1.5/app/lib/actions/middleware/keep_current_taxonomies.rb:15:in `run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/stack.rb:23:in `call'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/stack.rb:27:in `pass'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware.rb:19:in `pass'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware.rb:32:in `run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/stack.rb:23:in `call'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/stack.rb:27:in `pass'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware.rb:19:in `pass'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-4.1.5/app/lib/actions/middleware/keep_current_user.rb:15:in `block in run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-4.1.5/app/lib/actions/middleware/keep_current_user.rb:54:in `restore_curent_user'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-4.1.5/app/lib/actions/middleware/keep_current_user.rb:15:in `run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/stack.rb:23:in `call'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/world.rb:31:in `execute'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/action.rb:571:in `block (2 levels) in execute_run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/action.rb:570:in `catch'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/action.rb:570:in `block in execute_run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/action.rb:473:in `block in with_error_handling'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/action.rb:473:in `catch'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/action.rb:473:in `with_error_handling'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/action.rb:565:in `execute_run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/action.rb:286:in `execute'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/execution_plan/steps/abstract_flow_step.rb:18:in `block (2 levels) in execute'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/execution_plan/steps/abstract.rb:167:in `with_meta_calculation'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/execution_plan/steps/abstract_flow_step.rb:17:in `block in execute'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/execution_plan/steps/abstract_flow_step.rb:32:in `open_action'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/execution_plan/steps/abstract_flow_step.rb:16:in `execute'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/director.rb:69:in `execute'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/executors/sidekiq/worker_jobs.rb:11:in `block (2 levels) in perform'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/executors.rb:18:in `run_user_code'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/executors/sidekiq/worker_jobs.rb:9:in `block in perform'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/executors/sidekiq/worker_jobs.rb:25:in `with_telemetry'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/executors/sidekiq/worker_jobs.rb:8:in `perform'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/executors/sidekiq/serialization.rb:27:in `perform'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/processor.rb:192:in `execute_job'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/processor.rb:165:in `block (2 levels) in process'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/middleware/chain.rb:128:in `block in invoke'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/middleware/chain.rb:133:in `invoke'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/processor.rb:164:in `block in process'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/processor.rb:137:in `block (6 levels) in dispatch'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/job_retry.rb:109:in `local'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/processor.rb:136:in `block (5 levels) in dispatch'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq.rb:37:in `block in <module:Sidekiq>'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/processor.rb:132:in `block (4 levels) in dispatch'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/processor.rb:250:in `stats'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/processor.rb:127:in `block (3 levels) in dispatch'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/job_logger.rb:8:in `call'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/processor.rb:126:in `block (2 levels) in dispatch'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/job_retry.rb:74:in `global'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/processor.rb:125:in `block in dispatch'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/logging.rb:48:in `with_context'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/logging.rb:42:in `with_job_hash_context'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/processor.rb:124:in `dispatch'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/processor.rb:163:in `process'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/processor.rb:83:in `process_one'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/processor.rb:71:in `run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/util.rb:16:in `watchdog'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/util.rb:25:in `block in safe_thread'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/logging-2.3.0/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'
---------------------------------------------


Steps to Reproduce:
1. In Satellite, make sure the target host is trusted by the system SSL CA bundle by adding its CA certificates to "/etc/pki/ca-trust/source/anchors/" directory and run "update-ca-trust" command.
2. Run "curl https://target.host.com" to test it
3. In Satellite web UI -> Adminster -> Webhooks -> Add new web hook with the following data:

Subscribe to = "Actions Remote Execution Run Host Job Succeeded"
Template: Remote Execution Host Job
Target url: https://target.host.com/sub/paths
Enabled: Check
Verify SSL: Check
Capsule Authorization: Uncheck
X509 Certification Authorities: Empty

4. Now run a SSH REX job against any host and wait for it to finish successfully.


Actual results:
In /var/log/foreman/production.log

Backtrace for 'Failed to execute the webhook hao_test_hook -> actions.remote_execution.run_host_job_succeeded.event.foreman' error (OpenSSL::SSL::SSLError): SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)

Expected results:
No error
Comment 4 Oleh Fedorenko 2022-07-26 12:20:55 UTC 
Created redmine issue https://projects.theforeman.org/issues/35281 from this bug
Comment 5 Bryan Kearney 2022-08-03 16:04:49 UTC 
Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/35281 has been resolved.
Comment 6 Zach Huntington-Meath 2022-08-08 11:45:31 UTC 
Hi Oleh,

Can we get a new release of foreman_webhooks that will have the fix for this bug?
Comment 7 Griffin Sullivan 2022-09-07 13:48:28 UTC 
Verification currently blocked by https://bugzilla.redhat.com/show_bug.cgi?id=2124928
Comment 8 Griffin Sullivan 2022-09-19 16:04:51 UTC 
Verified in 6.12 snap 11

Webhooks no longer raise certificate error when x509 Certificate Authorities is blank and target host is trusted by the system.

Steps to Reproduce:
1. In Satellite, make sure the target host is trusted by the system SSL CA bundle by adding its CA certificates to "/etc/pki/ca-trust/source/anchors/" directory and run "update-ca-trust" command.
2. Run "curl https://target.host.com" to test it
3. In Satellite web UI -> Adminster -> Webhooks -> Add new web hook with the following data:

Subscribe to = "Actions Remote Execution Run Host Job Succeeded"
Template: Remote Execution Host Job
Target url: https://target.host.com/sub/paths
Enabled: Check
Verify SSL: Check
Capsule Authorization: Uncheck
X509 Certification Authorities: Empty

4. Now run a SSH REX job against any host and wait for it to finish successfully.

Results:

Webhook runs successfully.
Comment 12 errata-xmlrpc 2022-11-16 13:33:51 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Satellite 6.12 Release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:8506