975744 – NameError on server certificate validation attempt on rhel5

Bug 975744 - NameError on server certificate validation attempt on rhel5

Summary: NameError on server certificate validation attempt on rhel5

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Red Hat Enterprise MRG
Classification:	Red Hat
Component:	python-qpid
Sub Component:
Version:	Development
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	low
Target Milestone:	3.1
Target Release:	---
Assignee:	Ken Giusti
QA Contact:	Messaging QE
Docs Contact:
URL:
Whiteboard:
Depends On:	966004
Blocks:
TreeView+	depends on / blocked

Reported:	2013-06-19 09:13 UTC by Petr Matousek
Modified:	2014-08-07 13:41 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:	966004
Environment:
Last Closed:	2014-08-07 13:41:12 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Apache JIRA	QPID-4882	0	None	None	None	Never

Description Petr Matousek 2013-06-19 09:13:22 UTC

+++ This bug was initially created as a clone of Bug #966004 +++

Description of problem:

The validation of server certificate is not supported on rhel5. There is an appropriate error reported by the client, which is correct:
    raise SSLError("This version of Python does not support verification of the peer's certificate.")

But the 'SSLError' class is not known, so the client ends with a NameError:
NameError: global name 'SSLError' is not defined

See additional info for details.

Version-Release number of selected component (if applicable):
python-qpid-0.18-4

How reproducible:
100%

Steps to Reproduce:
1. setup ssl broker
2. connect to the broker using python client, request server certificate validation by supplying ssl_trustfile connection option
3. NameError

Actual results:
NameError on server certificate validation attempt

Expected results:
Appropriate exception is displayed to the user

Additional info:

* qc2_drain.py is a modified version of python drain example that supports connection options

# ~/qc2_drain.py -b amqps://$(hostname):5671 "amq.direct/test" --connection-options "{ssl_certfile:/var/lib/qpidd/qpid_nss_db/client.pem, ssl_trustfile:/var/lib/qpidd/qpid_nss_db/rootca.crt}"
Traceback (most recent call last):
  File "/root/qc2_drain.py", line 171, in ?
    conn.open()
  File "<string>", line 6, in open
  File "/usr/lib/python2.4/site-packages/qpid/messaging/endpoints.py", line 261, in open
    self.attach()
  File "<string>", line 6, in attach
  File "/usr/lib/python2.4/site-packages/qpid/messaging/endpoints.py", line 279, in attach
    self._ewait(lambda: self._transport_connected and not self._unlinked())
  File "/usr/lib/python2.4/site-packages/qpid/messaging/endpoints.py", line 214, in _ewait
    self.check_error()
  File "/usr/lib/python2.4/site-packages/qpid/messaging/endpoints.py", line 207, in check_error
    raise self.error
qpid.messaging.exceptions.InternalError: Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/qpid/messaging/driver.py", line 509, in dispatch
    self.connect()
  File "/usr/lib/python2.4/site-packages/qpid/messaging/driver.py", line 533, in connect
    self._transport = trans(self.connection, host, port)
  File "/usr/lib/python2.4/site-packages/qpid/messaging/transports.py", line 79, in __init__
    raise SSLError("This version of Python does not support verification of the peer's certificate.")
NameError: global name 'SSLError' is not defined

--- Additional comment from Ken Giusti on 2013-05-23 10:41:28 EDT ---

Fixed upstream:

http://svn.apache.org/viewvc?view=revision&revision=1485741

Comment 1 Petr Matousek 2013-06-19 09:15:36 UTC

this bug also occurs on qpid-cpp-mrg-0.22-4.el5 packages -> cloned for 2.4

Note You need to log in before you can comment on or make changes to this bug.