Bug 995592

Summary: pywbem fails to verify any server certificate
Product: [Fedora] Fedora Reporter: Michal Minar <miminar>
Component: pywbemAssignee: Michal Minar <miminar>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 19CC: david, jsafrane, miminar, phatina
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: pywbem-0.7.0-15.20130723svn623.fc20 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-08-09 19:30:55 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
fix for pywbem none

Description Michal Minar 2013-08-09 19:19:52 UTC 
Created attachment 784952 [details]
fix for pywbem

Description of problem:
  When using secured connection (over https), pywbem fails to verify server's certificate.

Version-Release number of selected component (if applicable):
  pywbem-0.7.0-11.20130702svn622.fc19


How reproducible:
  Always

Steps to Reproduce:
1. install tog-pegasus on server
2. install openlmi-tools client
3. install server's pem certificate (/etc/Pegasus/server.pem on server) to client's certificates dir (/etc/pki/tls/certs on client)
4. rehash certificates on client:
      $ cacertdir_rehash /etc/pki/tls/certs
5. try to instantiate secure connection to server:
6.    $ lmishell
      > c = connect(server_address, 'user', 'password')

Actual results:
  Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]

Expected results:
  No error

Additional info:
  OpenSSL library invoked by pywbem does not know, where to search for certificates, attached patch solves this by setting *defaults* search paths to context.