Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1136768

Summary: --insecure options still requires a valid CA cert
Product: Red Hat Enterprise Virtualization Manager Reporter: Simone Tiraboschi <stirabos>
Component: ovirt-engine-iso-uploaderAssignee: Simone Tiraboschi <stirabos>
Status: CLOSED ERRATA QA Contact: Pavel Stehlik <pstehlik>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.4.0CC: ecohen, gklein, iheim, juwu, pstehlik, rbalakri, Rhev-m-bugs, sbonazzo, scohen, stirabos, yeylon
Target Milestone: ---Keywords: ZStream
Target Release: 3.5.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: integration
Fixed In Version: rhevm-iso-uploader-3.5.0-1.el6ev Doc Type: Bug Fix
Doc Text:
Cause: --insecure option skip SSL validation but it still requires a valid CA cert Consequence: The user should still supply the pat of a CA cert Fix: Avoiding CA file check Result: with --insecure option the user could also avoid to prove the CA cert path
 Story Points: ---
Clone Of:
: 1142131 (view as bug list) Environment:
Last Closed: 2015-02-11 17:48:53 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1142131, 1156162    

Description Simone Tiraboschi 2014-09-03 09:30:07 UTC 
Description of problem:
iso-uploader shows the same behavior describer here https://bugzilla.redhat.com/1136434 for image-uploader. 

--insecure still requires a valid CA cert

Version-Release number of selected component (if applicable):


How reproducible:
100%

Steps to Reproduce:
1. Use iso-uploader with --insecure option and an invalid  CA cert
2.
3.

Actual results:
ERROR: Problem connecting to the REST API.  Is the service available and does the CA certificate exist?

Expected results:
- insecure option is honored

Additional info:
Comment 3 Petr Beňas 2014-09-23 13:32:01 UTC 
still happening in vt3.1

[root@pb-rh35 foo]# engine-iso-uploader upload -i ISO_DOMAIN --insecure --cert-file=ca.pem test.iso
Please provide the REST API password for the admin@internal oVirt Engine user (CTRL+D to abort): 
ERROR: Problem connecting to the REST API.  Is the service available and does the CA certificate exist?
ERROR: Unable to get ISO domain data
INFO: Use the -h option to see usage.
[root@pb-rh35 foo]# rpm -qa | grep iso-uploader
Comment 4 Petr Beňas 2014-09-23 13:32:29 UTC 
Truncated copy-paste, sorry 

 [root@pb-rh35 foo]# rpm -qa | grep iso-uploader
rhevm-iso-uploader-3.5.0-0.3.beta.el6ev.noarch
Comment 5 Sandro Bonazzola 2014-09-25 14:09:37 UTC 
Sorry, forgot to set fixed-in-version.
Comment 6 Petr Beňas 2014-09-25 16:54:11 UTC 
in rhevm-image-uploader-3.5.0-1.el6ev.noarch
Comment 8 Julie 2015-01-27 04:13:50 UTC 
Hi Simone, 
   In regards to "Fix: Avoiding CA file check. Result: with --insecure option the user could also avoid to prove the CA cert path", isn't the --insecure option doesn't work fixed in BZ1100824? Do we still want to tell users to avoid CA file check? If not, I think the requires_doc_text flag can set to -. 

Cheers,
Julie
Comment 9 Simone Tiraboschi 2015-01-27 07:42:06 UTC 
Hi Julie, the two patches together solve the issue: now using --insecure option it skips the SSL validation and so the user doesn't also need to provide a correct path to CA cert file.
Comment 11 errata-xmlrpc 2015-02-11 17:48:53 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0191.html