Bug 995592
Summary: | pywbem fails to verify any server certificate | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Michal Minar <miminar> | ||||
Component: | pywbem | Assignee: | Michal Minar <miminar> | ||||
Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 19 | CC: | david, jsafrane, miminar, phatina | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | pywbem-0.7.0-15.20130723svn623.fc20 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2013-08-09 19:30:55 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Created attachment 784952 [details] fix for pywbem Description of problem: When using secured connection (over https), pywbem fails to verify server's certificate. Version-Release number of selected component (if applicable): pywbem-0.7.0-11.20130702svn622.fc19 How reproducible: Always Steps to Reproduce: 1. install tog-pegasus on server 2. install openlmi-tools client 3. install server's pem certificate (/etc/Pegasus/server.pem on server) to client's certificates dir (/etc/pki/tls/certs on client) 4. rehash certificates on client: $ cacertdir_rehash /etc/pki/tls/certs 5. try to instantiate secure connection to server: 6. $ lmishell > c = connect(server_address, 'user', 'password') Actual results: Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')] Expected results: No error Additional info: OpenSSL library invoked by pywbem does not know, where to search for certificates, attached patch solves this by setting *defaults* search paths to context.