This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 1286629 - Remove connection fallback to non ssl for Openstack providers
Remove connection fallback to non ssl for Openstack providers
Status: CLOSED ERRATA
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Providers (Show other bugs)
5.5.0
Unspecified Unspecified
high Severity high
: GA
: 5.6.0
Assigned To: Ladislav Smola
Ola Pavlenko
provider:openstack
:
Depends On:
Blocks: 1288188
  Show dependency treegraph
 
Reported: 2015-11-30 06:29 EST by Marius Cornea
Modified: 2017-08-29 23:45 EDT (History)
9 users (show)

See Also:
Fixed In Version: 5.6.0.0
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1288188 (view as bug list)
Environment:
Last Closed: 2016-06-29 11:13:37 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Marius Cornea 2015-11-30 06:29:16 EST
Description of problem:
Currently when SSL connection is not available it fallbacks to non SSL. When ssl is chosen, data should be always send in encrypted form, fallback to non ssl when ssl is not available breaks it. Also validation will always return valid, while silenty failing and switching to non ssl.

Only downside is that it's not backwards compatible. New default will be SSl without validation, so provider needs to be edited to what is really supported, otherwise validation and refresh will fail.
Comment 3 CFME Bot 2016-01-12 08:32:23 EST
New commit detected on cfme/5.5.z:
https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=3e84fba0ba67788074f4bebc59ea0ef913c82eeb

commit 3e84fba0ba67788074f4bebc59ea0ef913c82eeb
Author:     Ladislav Smola <lsmola@redhat.com>
AuthorDate: Mon Nov 16 13:59:18 2015 +0100
Commit:     Ladislav Smola <lsmola@redhat.com>
CommitDate: Tue Jan 12 11:29:54 2016 +0100

    Remove fallback to https
    
    When ssl is chosen, data should be always send in encrypted form,
    fallback to non ssl when ssl is not available breaks it. Also
    validation will always return valid, while silenty failing
    and switching to non ssl.
    
    Only downside is that it's not backwards compatible. New default
    will be SSl without validation, so provider needs to be edited to
    what is really supported, otherwise validation and refresh will
    fail.
    
    Fixes BZ:
    https://bugzilla.redhat.com/show_bug.cgi?id=1286629
    
    Conflicts:
    	gems/pending/spec/openstack/openstack_handle/handle_spec.rb

 gems/pending/openstack/openstack_handle/handle.rb       | 10 ----------
 .../spec/openstack/openstack_handle/handle_spec.rb      | 17 +++--------------
 2 files changed, 3 insertions(+), 24 deletions(-)
Comment 4 CFME Bot 2016-01-12 10:05:54 EST
New commit detected on ManageIQ/manageiq/master:
https://github.com/ManageIQ/manageiq/commit/4bbf6953e8f4744f0744f8117075241fad2bc410

commit 4bbf6953e8f4744f0744f8117075241fad2bc410
Author:     Ladislav Smola <lsmola@redhat.com>
AuthorDate: Mon Nov 16 13:59:18 2015 +0100
Commit:     Ladislav Smola <lsmola@redhat.com>
CommitDate: Tue Jan 12 10:49:32 2016 +0100

    Remove fallback to https
    
    When ssl is chosen, data should be always send in encrypted form,
    fallback to non ssl when ssl is not available breaks it. Also
    validation will always return valid, while silenty failing
    and switching to non ssl.
    
    Only downside is that it's not backwards compatible. New default
    will be SSl without validation, so provider needs to be edited to
    what is really supported, otherwise validation and refresh will
    fail.
    
    Fixes BZ:
    https://bugzilla.redhat.com/show_bug.cgi?id=1286629

 gems/pending/openstack/openstack_handle/handle.rb           | 10 ----------
 gems/pending/spec/openstack/openstack_handle/handle_spec.rb | 13 +------------
 2 files changed, 1 insertion(+), 22 deletions(-)
Comment 6 Dave Johnson 2016-02-23 10:21:57 EST
No, this needs to stay open so we can make certain the same patch made it onto the CF 4.1 branch.  We did test this and it was verified working on 5.5 with its clone, bug 1288188
Comment 7 Ronnie Rasouli 2016-06-14 08:51:15 EDT
Adding SSL connection with broken settings errors - no fallback to non ssl
verified on 5.6.0.10-rc2.1.20160607103248_d06c141
Comment 9 errata-xmlrpc 2016-06-29 11:13:37 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1348

Note You need to log in before you can comment on or make changes to this bug.