openssl cms error does not raise an exception or log the problem
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python-keystoneclient |
Won't Fix
|
High
|
Unassigned |
Bug Description
Desc
-------
This was discovered while trying to run reddwarf locally on a mac pointed to a remote devstack instance.
The root of the problem is that Mac OS X comes installed with openssl but it does not have cms enabled.
It was not clear where the problem came from due to the "Revoked Token" error that was thrown.
Offending code
-------
keystoneclient/
...
def cms_verify(
"""
verifies the signature of the contents IAW CMS syntax
"""
_ensure_
process = subprocess.
output, err = process.
retcode = process.poll()
if retcode:
raise subprocess.
return output
...
When 'cms' is not enabled an err is returned from the 'process.
The code above only checks for the retcode which is 0 and empty string is returned as output.
This eventually leads to an InValid Token exception.
Proposed fix:
------------------
Log the err so that it's more clear what the actual problem is.
Perhaps on debug or info level.
It appears that the returned value for error can be a successful validation.
description: | updated |
summary: |
- openssl cms error does not raise and exception or logged + openssl cms error does not raise an exception or log the problem |
description: | updated |
description: | updated |
Changed in python-keystoneclient: | |
importance: | Undecided → High |
Changed in python-keystoneclient: | |
assignee: | nobody → Adam Young (ayoung) |
Should also document the requirement for openssl with cms support as well.