Bug 1397376 - Spacewalk API fails with SSLError on Fedora client
Summary: Spacewalk API fails with SSLError on Fedora client
Keywords:
Status: CLOSED EOL
Alias: None
Product: Spacewalk
Classification: Community
Component: Clients
Version: 2.5
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Tomáš Kašpárek
QA Contact: Red Hat Satellite QA List
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-11-22 12:19 UTC by Ales Dujicek
Modified: 2020-03-06 14:27 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-03-06 14:27:45 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Ales Dujicek 2016-11-22 12:19:46 UTC 
Description of problem:

cannot run API scripts through https on Fedora clients

api.py:
#!/usr/bin/python
import sys
import xmlrpclib
client = xmlrpclib.Server(sys.argv[1], verbose=0)
print client.api.getVersion()


it works locally:
# python api.py https://$(hostname)/rpc/api
19

but if I run it against remote Spacewalk server
# python api.py https://spacewalk/rpc/api
Traceback (most recent call last):
  File "api.py", line 8, in <module>
    print client.api.getVersion()
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1243, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1602, in __request
    verbose=self.__verbose
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1283, in request
    return self.single_request(host, handler, request_body, verbose)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1311, in single_request
    self.send_content(h, request_body)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1459, in send_content
    connection.endheaders(request_body)
  File "/usr/lib64/python2.7/httplib.py", line 1053, in endheaders
    self._send_output(message_body)
  File "/usr/lib64/python2.7/httplib.py", line 897, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.7/httplib.py", line 859, in send
    self.connect()
  File "/usr/lib64/python2.7/httplib.py", line 1278, in connect
    server_hostname=server_hostname)
  File "/usr/lib64/python2.7/ssl.py", line 353, in wrap_socket
    _context=self)
  File "/usr/lib64/python2.7/ssl.py", line 601, in __init__
    self.do_handshake()
  File "/usr/lib64/python2.7/ssl.py", line 830, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)

http works
# python api.py http://spacewalk/rpc/api
19

Version-Release number of selected component (if applicable):
Fedora 23, 24

How reproducible:
always

Steps to Reproduce:
1. run API script from Fedora client
Comment 1 Jan Dobes 2017-11-10 15:58:53 UTC 
Do your Fedora clients have Spacewalk's certificate in their trust store? Does the spacewalk hostname you are trying connect to exactly match with hostname in CA certificate?
Comment 2 Michael Mráka 2020-03-06 14:27:45 UTC 
Spacewalk 2.8 (and older) has already reached it's End Of Life.

Thank you for reporting this issue and we are sorry that we were not
able to fix it before end of life. If you would still like
to see this bug fixed and are able to reproduce it against current version
of Spacewalk 2.9, you are encouraged change the 'version' and re-open it.
Note You need to log in before you can comment on or make changes to this bug.