tempest

Running test_create_object_with_expect_continue got ssh error

Bug #1907554 reported by zhufl
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tempest
Fix Released
Medium
zhufl

Bug Description

1.Problem
Running test_create_object_with_expect_continue got ssl error:
 File "/tempest/lib/services/object_storage/object_client.py", line 144, in create_object_continue
    conn.endheaders()
  File "/usr/local/python3/lib/python3.8/http/client.py", line 1225, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/local/python3/lib/python3.8/http/client.py", line 1004, in _send_output
    self.send(msg)
  File "/usr/local/python3/lib/python3.8/http/client.py", line 944, in send
    self.connect()
  File "/usr/local/python3/lib/python3.8/http/client.py", line 1399, in connect
    self.sock = self._context.wrap_socket(self.sock,
  File "/usr/local/python3/lib/python3.8/ssl.py", line 500, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/local/python3/lib/python3.8/ssl.py", line 1040, in _create
    self.do_handshake()
  File "/usr/local/python3/lib/python3.8/ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)

Setting tempest.conf -> identity.disable_ssl_certificate_validation = True has no effect

2.Analysis
create_object_continue interface uses its own httplib.HTTPSConnection, and when creating httplib.HTTPSConnection, it doesn't have a look at CONF.identity.disable_ssl_certificate_validation.

3.Solution
When creating httplib.HTTPSConnection, CONF.identity.disable_ssl_certificate_validation should be taken into account.

Revision history for this message
Martin Kopec (mkopec) wrote :

https://review.opendev.org/c/openstack/tempest/+/766658

Changed in tempest:
status: New → In Progress
Revision history for this message
Martin Kopec (mkopec) wrote :

Hi zhufl do you think https://bugs.launchpad.net/tempest/+bug/1542278 is related to this bug? Or maybe that https://bugs.launchpad.net/tempest/+bug/1542278 is addressed by https://review.opendev.org/c/openstack/tempest/+/766658 as well?

Revision history for this message
zhufl (zhu-fanglei) wrote :

I don't know what does "Tempest should fail with a nice SSL message" mean.

If this bug is fixed, then the behaviour is:
"if disable_ssl_certificate_validation = true, whether a ca_certificates_file is given or not, Tempest should pass".

So is that ok?

Revision history for this message
Martin Kopec (mkopec) wrote :

The 1542278 is not related to this and based on my testing is not relevant anymore.

Speaking about this bug, the fix looks ok to me, I already gave +2.

Revision history for this message
Ghanshyam Mann (ghanshyammann) wrote :

yeah we need to disable the ssl verifixcation for disable_ssl_certificate_validation = true

Changed in tempest:
importance: Undecided → Medium
assignee: nobody → zhufl (zhu-fanglei)
Revision history for this message
Martin Kopec (mkopec) wrote :

https://review.opendev.org/c/openstack/tempest/+/766658 got merged

Changed in tempest:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tempest 26.1.0

This issue was fixed in the openstack/tempest 26.1.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.