Description of problem: The validation of server certificate is not supported on rhel5. There is an appropriate error reported by the client, which is correct: raise SSLError("This version of Python does not support verification of the peer's certificate.") But the 'SSLError' class is not known, so the client ends with a NameError: NameError: global name 'SSLError' is not defined See additional info for details. Version-Release number of selected component (if applicable): python-qpid-0.18-4 How reproducible: 100% Steps to Reproduce: 1. setup ssl broker 2. connect to the broker using python client, request server certificate validation by supplying ssl_trustfile connection option 3. NameError Actual results: NameError on server certificate validation attempt Expected results: Appropriate exception is displayed to the user Additional info: * qc2_drain.py is a modified version of python drain example that supports connection options # ~/qc2_drain.py -b amqps://$(hostname):5671 "amq.direct/test" --connection-options "{ssl_certfile:/var/lib/qpidd/qpid_nss_db/client.pem, ssl_trustfile:/var/lib/qpidd/qpid_nss_db/rootca.crt}" Traceback (most recent call last): File "/root/qc2_drain.py", line 171, in ? conn.open() File "<string>", line 6, in open File "/usr/lib/python2.4/site-packages/qpid/messaging/endpoints.py", line 261, in open self.attach() File "<string>", line 6, in attach File "/usr/lib/python2.4/site-packages/qpid/messaging/endpoints.py", line 279, in attach self._ewait(lambda: self._transport_connected and not self._unlinked()) File "/usr/lib/python2.4/site-packages/qpid/messaging/endpoints.py", line 214, in _ewait self.check_error() File "/usr/lib/python2.4/site-packages/qpid/messaging/endpoints.py", line 207, in check_error raise self.error qpid.messaging.exceptions.InternalError: Traceback (most recent call last): File "/usr/lib/python2.4/site-packages/qpid/messaging/driver.py", line 509, in dispatch self.connect() File "/usr/lib/python2.4/site-packages/qpid/messaging/driver.py", line 533, in connect self._transport = trans(self.connection, host, port) File "/usr/lib/python2.4/site-packages/qpid/messaging/transports.py", line 79, in __init__ raise SSLError("This version of Python does not support verification of the peer's certificate.") NameError: global name 'SSLError' is not defined
Fixed upstream: http://svn.apache.org/viewvc?view=revision&revision=1485741
Tested on RHEL5.10 (both i386 and x86_64). This issue has been fixed. Packages used for testing: python-qpid-0.18-8.el5_10 python-qpid-qmf-0.18-20.el5_10 qpid-cpp-client-0.18-20.el5_10 qpid-cpp-client-devel-0.18-20.el5_10 qpid-cpp-client-devel-docs-0.18-20.el5_10 qpid-cpp-client-rdma-0.18-20.el5_10 qpid-cpp-client-ssl-0.18-20.el5_10 qpid-cpp-server-0.18-20.el5_10 qpid-cpp-server-cluster-0.18-20.el5_10 qpid-cpp-server-devel-0.18-20.el5_10 qpid-cpp-server-ha-0.18-20.el5_10 qpid-cpp-server-rdma-0.18-20.el5_10 qpid-cpp-server-ssl-0.18-20.el5_10 qpid-cpp-server-store-0.18-20.el5_10 qpid-cpp-server-xml-0.18-20.el5_10 qpid-java-client-0.18-8.el5_9 qpid-java-common-0.18-8.el5_9 qpid-java-example-0.18-8.el5_9 qpid-jca-0.18-8.el5 qpid-jca-xarecovery-0.18-8.el5 qpid-jca-zip-0.18-8.el5 qpid-qmf-0.18-20.el5_10 qpid-qmf-devel-0.18-20.el5_10 qpid-tests-0.18-2.el5 qpid-tools-0.18-10.el5_9 rh-qpid-cpp-tests-0.18-20.el5_10 ruby-qpid-qmf-0.18-20.el5_10 -> VERIFIED
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-0129.html