First Last Prev Next    This bug is not in your last search results.
Bug 975744 - NameError on server certificate validation attempt on rhel5
NameError on server certificate validation attempt on rhel5
Status: CLOSED UPSTREAM
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: python-qpid (Show other bugs)
Development
Unspecified Unspecified
low Severity low
: 3.1
: ---
Assigned To: Ken Giusti
Messaging QE
:
Depends On: 966004
Blocks:
  Show dependency treegraph
 
Reported: 2013-06-19 05:13 EDT by Petr Matousek
Modified: 2014-08-07 09:41 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 966004
Environment:
Last Closed: 2014-08-07 09:41:12 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Apache JIRA QPID-4882 None None None Never

  None (edit)
Description Petr Matousek 2013-06-19 05:13:22 EDT 
+++ This bug was initially created as a clone of Bug #966004 +++

Description of problem:

The validation of server certificate is not supported on rhel5. There is an appropriate error reported by the client, which is correct:
    raise SSLError("This version of Python does not support verification of the peer's certificate.")

But the 'SSLError' class is not known, so the client ends with a NameError:
NameError: global name 'SSLError' is not defined

See additional info for details.

Version-Release number of selected component (if applicable):
python-qpid-0.18-4

How reproducible:
100%

Steps to Reproduce:
1. setup ssl broker
2. connect to the broker using python client, request server certificate validation by supplying ssl_trustfile connection option
3. NameError

Actual results:
NameError on server certificate validation attempt

Expected results:
Appropriate exception is displayed to the user

Additional info:

* qc2_drain.py is a modified version of python drain example that supports connection options

# ~/qc2_drain.py -b amqps://$(hostname):5671 "amq.direct/test" --connection-options "{ssl_certfile:/var/lib/qpidd/qpid_nss_db/client.pem, ssl_trustfile:/var/lib/qpidd/qpid_nss_db/rootca.crt}"
Traceback (most recent call last):
  File "/root/qc2_drain.py", line 171, in ?
    conn.open()
  File "<string>", line 6, in open
  File "/usr/lib/python2.4/site-packages/qpid/messaging/endpoints.py", line 261, in open
    self.attach()
  File "<string>", line 6, in attach
  File "/usr/lib/python2.4/site-packages/qpid/messaging/endpoints.py", line 279, in attach
    self._ewait(lambda: self._transport_connected and not self._unlinked())
  File "/usr/lib/python2.4/site-packages/qpid/messaging/endpoints.py", line 214, in _ewait
    self.check_error()
  File "/usr/lib/python2.4/site-packages/qpid/messaging/endpoints.py", line 207, in check_error
    raise self.error
qpid.messaging.exceptions.InternalError: Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/qpid/messaging/driver.py", line 509, in dispatch
    self.connect()
  File "/usr/lib/python2.4/site-packages/qpid/messaging/driver.py", line 533, in connect
    self._transport = trans(self.connection, host, port)
  File "/usr/lib/python2.4/site-packages/qpid/messaging/transports.py", line 79, in __init__
    raise SSLError("This version of Python does not support verification of the peer's certificate.")
NameError: global name 'SSLError' is not defined

--- Additional comment from Ken Giusti on 2013-05-23 10:41:28 EDT ---

Fixed upstream:

http://svn.apache.org/viewvc?view=revision&revision=1485741
Comment 1 Petr Matousek 2013-06-19 05:15:36 EDT 
this bug also occurs on qpid-cpp-mrg-0.22-4.el5 packages -> cloned for 2.4
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.