Bug 2088303 - Webhook raises "certificate verify failed" error even the target host is trusted by the system SSL CA bundle
Summary: Webhook raises "certificate verify failed" error even the target host is tru...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Hooks and Webhooks
Version: 6.10.5
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: 6.12.0
Assignee: Oleh Fedorenko
QA Contact: Griffin Sullivan
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-05-19 07:17 UTC by Hao Chang Yu
Modified: 2022-11-16 13:34 UTC (History)
5 users (show)

Fixed In Version: foreman_webhooks-3.0.4
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-11-16 13:33:51 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 35281 0 Normal New Webhook raises "certificate verify failed" error even the target host is trusted by the system SSL CA bundle 2022-07-26 12:20:56 UTC
Red Hat Issue Tracker SAT-11859 0 None None None 2022-08-16 17:55:26 UTC
Red Hat Product Errata RHSA-2022:8506 0 None None None 2022-11-16 13:34:04 UTC

Description Hao Chang Yu 2022-05-19 07:17:40 UTC 
Description of problem:
If "X509 Certification Authorities" is not set, Webhook will use empty certificate store to verify the target host which will cause the "certificate verify failed" error even the target host is trusted by the system SSL CA bundle. 


/var/log/foreman/production.log
---------------------------------------------
2022-05-19T16:20:49 [I|app|176de3f1] Performing 'hao_test_hook_2' webhook request for event 'actions.remote_execution.run_host_job_succeeded.event.foreman'
2022-05-19T16:20:49 [W|app|176de3f1] Could not parse HTTP headers JSON, ignoring: no implicit conversion of nil into String
2022-05-19T16:20:50 [W|app|176de3f1] Failed to execute the webhook hao_test_hook -> actions.remote_execution.run_host_job_succeeded.event.foreman
2022-05-19T16:20:50 [I|app|176de3f1] Backtrace for 'Failed to execute the webhook hao_test_hook -> actions.remote_execution.run_host_job_succeeded.event.foreman' error (OpenSSL::SSL::SSLError): SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)
 176de3f1 | /opt/rh/rh-ruby27/root/usr/share/ruby/net/protocol.rb:44:in `connect_nonblock'
 176de3f1 | /opt/rh/rh-ruby27/root/usr/share/ruby/net/protocol.rb:44:in `ssl_socket_connect'
 176de3f1 | /opt/rh/rh-ruby27/root/usr/share/ruby/net/http.rb:1009:in `connect'
 176de3f1 | /opt/rh/rh-ruby27/root/usr/share/ruby/net/http.rb:943:in `do_start'
 176de3f1 | /opt/rh/rh-ruby27/root/usr/share/ruby/net/http.rb:932:in `start'
 176de3f1 | /opt/rh/rh-ruby27/root/usr/share/ruby/net/http.rb:1483:in `request'
 176de3f1 | /usr/share/foreman/lib/foreman/http_proxy/net_http_extension.rb:12:in `request'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman_webhooks-2.0.1/app/services/foreman_webhooks/webhook_service.rb:123:in `request'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman_webhooks-2.0.1/app/services/foreman_webhooks/webhook_service.rb:54:in `execute'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman_webhooks-2.0.1/app/jobs/foreman_webhooks/deliver_webhook_job.rb:15:in `perform'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activejob-6.0.3.7/lib/active_job/execution.rb:40:in `block in perform_now'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/callbacks.rb:112:in `block in run_callbacks'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/i18n-1.8.2/lib/i18n.rb:313:in `with_locale'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activejob-6.0.3.7/lib/active_job/translation.rb:9:in `block (2 levels) in <module:Translation>'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/callbacks.rb:121:in `instance_exec'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/callbacks.rb:121:in `block in run_callbacks'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/core_ext/time/zones.rb:66:in `use_zone'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activejob-6.0.3.7/lib/active_job/timezones.rb:9:in `block (2 levels) in <module:Timezones>'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/callbacks.rb:121:in `instance_exec'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/callbacks.rb:121:in `block in run_callbacks'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activejob-6.0.3.7/lib/active_job/logging.rb:25:in `block (4 levels) in <module:Logging>'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/notifications.rb:180:in `block in instrument'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/notifications/instrumenter.rb:24:in `instrument'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/notifications.rb:180:in `instrument'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activejob-6.0.3.7/lib/active_job/logging.rb:24:in `block (3 levels) in <module:Logging>'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activejob-6.0.3.7/lib/active_job/logging.rb:47:in `tag_logger'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activejob-6.0.3.7/lib/active_job/logging.rb:21:in `block (2 levels) in <module:Logging>'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/callbacks.rb:121:in `instance_exec'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/callbacks.rb:121:in `block in run_callbacks'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/callbacks.rb:139:in `run_callbacks'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activejob-6.0.3.7/lib/active_job/execution.rb:39:in `perform_now'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activejob-6.0.3.7/lib/active_job/execution.rb:25:in `block in execute'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/callbacks.rb:112:in `block in run_callbacks'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activejob-6.0.3.7/lib/active_job/railtie.rb:43:in `block (4 levels) in <class:Railtie>'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/execution_wrapper.rb:88:in `wrap'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/reloader.rb:72:in `block in wrap'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/execution_wrapper.rb:88:in `wrap'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/reloader.rb:71:in `wrap'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activejob-6.0.3.7/lib/active_job/railtie.rb:42:in `block (3 levels) in <class:Railtie>'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/callbacks.rb:121:in `instance_exec'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/callbacks.rb:121:in `block in run_callbacks'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/callbacks.rb:139:in `run_callbacks'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/activejob-6.0.3.7/lib/active_job/execution.rb:23:in `execute'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/active_job/queue_adapter.rb:47:in `run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/action.rb:572:in `block (3 levels) in execute_run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/stack.rb:27:in `pass'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware.rb:19:in `pass'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/action/progress.rb:31:in `with_progress_calculation'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/action/progress.rb:17:in `run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/stack.rb:23:in `call'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/stack.rb:27:in `pass'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware.rb:19:in `pass'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-4.1.5/app/lib/actions/middleware/load_setting_values.rb:20:in `run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/stack.rb:23:in `call'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/stack.rb:27:in `pass'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware.rb:19:in `pass'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-4.1.5/app/lib/actions/middleware/keep_current_request_id.rb:15:in `block in run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-4.1.5/app/lib/actions/middleware/keep_current_request_id.rb:52:in `restore_current_request_id'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-4.1.5/app/lib/actions/middleware/keep_current_request_id.rb:15:in `run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/stack.rb:23:in `call'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/stack.rb:27:in `pass'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware.rb:19:in `pass'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-4.1.5/app/lib/actions/middleware/keep_current_timezone.rb:15:in `block in run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-4.1.5/app/lib/actions/middleware/keep_current_timezone.rb:44:in `restore_curent_timezone'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-4.1.5/app/lib/actions/middleware/keep_current_timezone.rb:15:in `run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/stack.rb:23:in `call'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/stack.rb:27:in `pass'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware.rb:19:in `pass'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-4.1.5/app/lib/actions/middleware/keep_current_taxonomies.rb:15:in `block in run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-4.1.5/app/lib/actions/middleware/keep_current_taxonomies.rb:45:in `restore_current_taxonomies'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-4.1.5/app/lib/actions/middleware/keep_current_taxonomies.rb:15:in `run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/stack.rb:23:in `call'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/stack.rb:27:in `pass'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware.rb:19:in `pass'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware.rb:32:in `run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/stack.rb:23:in `call'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/stack.rb:27:in `pass'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware.rb:19:in `pass'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-4.1.5/app/lib/actions/middleware/keep_current_user.rb:15:in `block in run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-4.1.5/app/lib/actions/middleware/keep_current_user.rb:54:in `restore_curent_user'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-4.1.5/app/lib/actions/middleware/keep_current_user.rb:15:in `run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/stack.rb:23:in `call'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/middleware/world.rb:31:in `execute'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/action.rb:571:in `block (2 levels) in execute_run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/action.rb:570:in `catch'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/action.rb:570:in `block in execute_run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/action.rb:473:in `block in with_error_handling'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/action.rb:473:in `catch'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/action.rb:473:in `with_error_handling'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/action.rb:565:in `execute_run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/action.rb:286:in `execute'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/execution_plan/steps/abstract_flow_step.rb:18:in `block (2 levels) in execute'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/execution_plan/steps/abstract.rb:167:in `with_meta_calculation'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/execution_plan/steps/abstract_flow_step.rb:17:in `block in execute'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/execution_plan/steps/abstract_flow_step.rb:32:in `open_action'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/execution_plan/steps/abstract_flow_step.rb:16:in `execute'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/director.rb:69:in `execute'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/executors/sidekiq/worker_jobs.rb:11:in `block (2 levels) in perform'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/executors.rb:18:in `run_user_code'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/executors/sidekiq/worker_jobs.rb:9:in `block in perform'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/executors/sidekiq/worker_jobs.rb:25:in `with_telemetry'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/executors/sidekiq/worker_jobs.rb:8:in `perform'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.4.9/lib/dynflow/executors/sidekiq/serialization.rb:27:in `perform'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/processor.rb:192:in `execute_job'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/processor.rb:165:in `block (2 levels) in process'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/middleware/chain.rb:128:in `block in invoke'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/middleware/chain.rb:133:in `invoke'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/processor.rb:164:in `block in process'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/processor.rb:137:in `block (6 levels) in dispatch'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/job_retry.rb:109:in `local'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/processor.rb:136:in `block (5 levels) in dispatch'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq.rb:37:in `block in <module:Sidekiq>'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/processor.rb:132:in `block (4 levels) in dispatch'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/processor.rb:250:in `stats'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/processor.rb:127:in `block (3 levels) in dispatch'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/job_logger.rb:8:in `call'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/processor.rb:126:in `block (2 levels) in dispatch'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/job_retry.rb:74:in `global'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/processor.rb:125:in `block in dispatch'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/logging.rb:48:in `with_context'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/logging.rb:42:in `with_job_hash_context'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/processor.rb:124:in `dispatch'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/processor.rb:163:in `process'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/processor.rb:83:in `process_one'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/processor.rb:71:in `run'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/util.rb:16:in `watchdog'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/sidekiq-5.2.7/lib/sidekiq/util.rb:25:in `block in safe_thread'
 176de3f1 | /opt/theforeman/tfm/root/usr/share/gems/gems/logging-2.3.0/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'
---------------------------------------------


Steps to Reproduce:
1. In Satellite, make sure the target host is trusted by the system SSL CA bundle by adding its CA certificates to "/etc/pki/ca-trust/source/anchors/" directory and run "update-ca-trust" command.
2. Run "curl https://target.host.com" to test it
3. In Satellite web UI -> Adminster -> Webhooks -> Add new web hook with the following data:

Subscribe to = "Actions Remote Execution Run Host Job Succeeded"
Template: Remote Execution Host Job
Target url: https://target.host.com/sub/paths
Enabled: Check
Verify SSL: Check
Capsule Authorization: Uncheck
X509 Certification Authorities: Empty

4. Now run a SSH REX job against any host and wait for it to finish successfully.


Actual results:
In /var/log/foreman/production.log

Backtrace for 'Failed to execute the webhook hao_test_hook -> actions.remote_execution.run_host_job_succeeded.event.foreman' error (OpenSSL::SSL::SSLError): SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)

Expected results:
No error
Comment 4 Oleh Fedorenko 2022-07-26 12:20:55 UTC 
Created redmine issue https://projects.theforeman.org/issues/35281 from this bug
Comment 5 Bryan Kearney 2022-08-03 16:04:49 UTC 
Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/35281 has been resolved.
Comment 6 Zach Huntington-Meath 2022-08-08 11:45:31 UTC 
Hi Oleh,

Can we get a new release of foreman_webhooks that will have the fix for this bug?
Comment 7 Griffin Sullivan 2022-09-07 13:48:28 UTC 
Verification currently blocked by https://bugzilla.redhat.com/show_bug.cgi?id=2124928
Comment 8 Griffin Sullivan 2022-09-19 16:04:51 UTC 
Verified in 6.12 snap 11

Webhooks no longer raise certificate error when x509 Certificate Authorities is blank and target host is trusted by the system.

Steps to Reproduce:
1. In Satellite, make sure the target host is trusted by the system SSL CA bundle by adding its CA certificates to "/etc/pki/ca-trust/source/anchors/" directory and run "update-ca-trust" command.
2. Run "curl https://target.host.com" to test it
3. In Satellite web UI -> Adminster -> Webhooks -> Add new web hook with the following data:

Subscribe to = "Actions Remote Execution Run Host Job Succeeded"
Template: Remote Execution Host Job
Target url: https://target.host.com/sub/paths
Enabled: Check
Verify SSL: Check
Capsule Authorization: Uncheck
X509 Certification Authorities: Empty

4. Now run a SSH REX job against any host and wait for it to finish successfully.

Results:

Webhook runs successfully.
Comment 12 errata-xmlrpc 2022-11-16 13:33:51 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Satellite 6.12 Release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:8506
Note You need to log in before you can comment on or make changes to this bug.