Description of problem: Currently when SSL connection is not available it fallbacks to non SSL. When ssl is chosen, data should be always send in encrypted form, fallback to non ssl when ssl is not available breaks it. Also validation will always return valid, while silenty failing and switching to non ssl. Only downside is that it's not backwards compatible. New default will be SSl without validation, so provider needs to be edited to what is really supported, otherwise validation and refresh will fail.
https://github.com/ManageIQ/manageiq/pull/5637
New commit detected on cfme/5.5.z: https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=3e84fba0ba67788074f4bebc59ea0ef913c82eeb commit 3e84fba0ba67788074f4bebc59ea0ef913c82eeb Author: Ladislav Smola <lsmola> AuthorDate: Mon Nov 16 13:59:18 2015 +0100 Commit: Ladislav Smola <lsmola> CommitDate: Tue Jan 12 11:29:54 2016 +0100 Remove fallback to https When ssl is chosen, data should be always send in encrypted form, fallback to non ssl when ssl is not available breaks it. Also validation will always return valid, while silenty failing and switching to non ssl. Only downside is that it's not backwards compatible. New default will be SSl without validation, so provider needs to be edited to what is really supported, otherwise validation and refresh will fail. Fixes BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1286629 Conflicts: gems/pending/spec/openstack/openstack_handle/handle_spec.rb gems/pending/openstack/openstack_handle/handle.rb | 10 ---------- .../spec/openstack/openstack_handle/handle_spec.rb | 17 +++-------------- 2 files changed, 3 insertions(+), 24 deletions(-)
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/4bbf6953e8f4744f0744f8117075241fad2bc410 commit 4bbf6953e8f4744f0744f8117075241fad2bc410 Author: Ladislav Smola <lsmola> AuthorDate: Mon Nov 16 13:59:18 2015 +0100 Commit: Ladislav Smola <lsmola> CommitDate: Tue Jan 12 10:49:32 2016 +0100 Remove fallback to https When ssl is chosen, data should be always send in encrypted form, fallback to non ssl when ssl is not available breaks it. Also validation will always return valid, while silenty failing and switching to non ssl. Only downside is that it's not backwards compatible. New default will be SSl without validation, so provider needs to be edited to what is really supported, otherwise validation and refresh will fail. Fixes BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1286629 gems/pending/openstack/openstack_handle/handle.rb | 10 ---------- gems/pending/spec/openstack/openstack_handle/handle_spec.rb | 13 +------------ 2 files changed, 1 insertion(+), 22 deletions(-)
No, this needs to stay open so we can make certain the same patch made it onto the CF 4.1 branch. We did test this and it was verified working on 5.5 with its clone, bug 1288188
Adding SSL connection with broken settings errors - no fallback to non ssl verified on 5.6.0.10-rc2.1.20160607103248_d06c141
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1348