Fuel for OpenStack

Certificate verification warnings when TLS is enabled

Bug #1673708 reported by Alexander Rubtsov
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fuel for OpenStack
Confirmed
Low
Fuel Sustaining
Fuel for OpenStack 10.x-updates
Mitaka
Won't Fix
Low
Fuel Sustaining
Fuel for OpenStack 9.x-updates

Bug Description

=== Environment ===
* Mirantis OpenStack 9.2
* TLS termination is enabled
* HTTPs endpoint is specified

=== Description ===
There are the following certificate verification messages appears while using CLI commands:
/usr/lib/python2.7/dist-packages/urllib3/util/ssl_.py:315: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#snimissingwarning.
  SNIMissingWarning
/usr/lib/python2.7/dist-packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning

Please install/update the modules required to get rid of the insecure requests so that the verification will pass

=== Steps to reproduce ===
1) Install 9.x master node
2) Deploy a new environment with TLS enabled:
Settings --> Security--> TLS for OpenStack public endpoints
3) Source the Keystone HTTPs endpoint for CLI:
export OS_AUTH_URL='https://public.fuel.local:5000/v2.0'
4) Run some OpenStack component CLI command:
nova list

=== Actual result ===
# nova list
/usr/lib/python2.7/dist-packages/urllib3/util/ssl_.py:315: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#snimissingwarning.
  SNIMissingWarning
/usr/lib/python2.7/dist-packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
+----+------+--------+------------+-------------+----------+
| ID | Name | Status | Task State | Power State | Networks |
+----+------+--------+------------+-------------+----------+
+----+------+--------+------------+-------------+----------+

=== Espected result ===
# nova list
+----+------+--------+------------+-------------+----------+
| ID | Name | Status | Task State | Power State | Networks |
+----+------+--------+------------+-------------+----------+
+----+------+--------+------------+-------------+----------+

Revision history for this message
Alexander Rubtsov (arubtsov) wrote :

sla2 for 9.0-updates

tags: added: customer-found sla2
Revision history for this message
Stanislaw Bogatkin (sbogatkin) wrote :

It does not affect anything, actually, but needed many efforts to migrate onto new libraries. Moved to low.

Changed in fuel:
importance: Undecided → Low
status: New → Confirmed
Oleksiy Molchanov (omolchanov)
Changed in fuel:
assignee: nobody → Fuel Sustaining (fuel-sustaining-team)
milestone: none → 10.x-updates
Revision history for this message
Denis Meltsaykin (dmeltsaykin) wrote :

Won't Fix for 9.2: the bugs of low importance/impact are not accepted for the maintenance updates.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.