[Bug 1385469] Re: pywbem library on Ubuntu doesn't support CA certificate verification
This bug was fixed in the package pywbem - 0.7.0-4ubuntu1~14.10.1

---
pywbem (0.7.0-4ubuntu1~14.10.1) utopic; urgency=medium

  * Add CA Certificate verification from upstream
    Import commits r624, r625, r627 and r628 from upstream to implement
    CA Certificate verification (LP: #1385469)

 -- Louis Bouchard louis.bouch...@canonical.com  Tue, 25 Nov 2014 12:40:30 +0100

** Changed in: pywbem (Ubuntu Utopic)
       Status: Fix Committed => Fix Released

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1385469

Title:
  pywbem library on Ubuntu doesn't support CA certificate verification

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pywbem/+bug/1385469/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1385469] Re: pywbem library on Ubuntu doesn't support CA certificate verification
This bug was fixed in the package pywbem - 0.7.0-4ubuntu1~14.04.1

---
pywbem (0.7.0-4ubuntu1~14.04.1) trusty; urgency=medium

  * Add CA Certificate verification from upstream
    Import commits r624, r625, r627 and r628 from upstream to implement
    CA Certificate verification (LP: #1385469)

 -- Louis Bouchard louis.bouch...@canonical.com  Tue, 25 Nov 2014 12:04:31 +0100

** Changed in: pywbem (Ubuntu Trusty)
       Status: Fix Committed => Fix Released
[Bug 1385469] Re: pywbem library on Ubuntu doesn't support CA certificate verification
It would have been helpful to know which release was verified. Given that it's rather simple, I'll test it myself.
[Bug 1385469] Re: pywbem library on Ubuntu doesn't support CA certificate verification
Hi Louis, Sorry for the very late response! We did finally get a chance to test this and it works. Thanks! Xing
[Bug 1385469] Re: pywbem library on Ubuntu doesn't support CA certificate verification
Hi Xing, Thanks for the verification. I have now marked the bug as verification-done. The SRU should hopefully complete shortly.

** Tags removed: verification-needed
** Tags added: verification-done
[Bug 1385469] Re: pywbem library on Ubuntu doesn't support CA certificate verification
Hello Xing, Any update on your test results ? I can use the test code in the SRU template, but a verification from your side would be better to confirm that the package can be released publicly. Kind regards, ...Louis
[Bug 1385469] Re: pywbem library on Ubuntu doesn't support CA certificate verification
Xing, Is it possible to test the package available in the -proposed pocket to confirm that it fixes the issue ? Kind regards ...Louis
[Bug 1385469] Re: pywbem library on Ubuntu doesn't support CA certificate verification
Louis, Sure, we'll test it. Looks like I missed your earlier update. Thanks, Xing
[Bug 1385469] Re: pywbem library on Ubuntu doesn't support CA certificate verification
Hello Xing, or anyone else affected,

Accepted pywbem into trusty-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/pywbem/0.7.0-4ubuntu1~14.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

** Changed in: pywbem (Ubuntu Trusty)
       Status: In Progress => Fix Committed

** Tags added: verification-needed

** Changed in: pywbem (Ubuntu Utopic)
       Status: In Progress => Fix Committed
[Bug 1385469] Re: pywbem library on Ubuntu doesn't support CA certificate verification
** Branch linked: lp:~ubuntu-branches/ubuntu/trusty/pywbem/trusty-proposed
** Branch linked: lp:~ubuntu-branches/ubuntu/utopic/pywbem/utopic-proposed
[Bug 1385469] Re: pywbem library on Ubuntu doesn't support CA certificate verification
Thanks Louis, I sponsored to trusty and utopic!
[Bug 1385469] Re: pywbem library on Ubuntu doesn't support CA certificate verification
** Description changed: - In order to support CA certificates in pywbem, we need pywbem 0.7.0-25 - or later. On Ubuntu 12.04 and 14.04, the pywbem version is 0.7.0-4. - I'm opening this bug to request that pywbem 0.7.0-25 or later to be - packaged with Ubuntu 12.04 and 14.04 to support CA certificates. + [SRU justification] + Modification required to support CA certificates + + [Impact] + This is required in order to mitigate a MITM openstack vulnerability addressed here : https://bugs.launchpad.net/cinder/+bug/1372635 + + [Fix] + Backport fix already present in the development version + + [Test Case] + Run the following script : + #!/usr/bin/python + import pywbem + import logging + + def _get_connection(self): + + try: + conn = None + conn = pywbem.WBEMConnection(self.url, (self.user, self.passwd), + default_namespace='root/emc', + x509=None, + verify_callback=None, + ca_certs=self.cert, + no_verification=False) + except TypeError: + print CA certificates not supported by the pywbem library. + conn = pywbem.WBEMConnection(self.url, (self.user, self.passwd), + default_namespace='root/emc') + + if conn is None: + exception_message = (_(Cannot connect to ECOM server)) + raise exception.VolumeBackendAPIException(data=exception_message) + + return conn + + class Provider(object): + def __init__(self, url, user, password): + self.url = url + self.user = user + self.passwd = password + self.cert = None + + if __name__ == '__main__': + + remote = Provider('http://localhost', 'root', 'deadbeef') + _get_connection(remote) + + With the fixed version, nothing will be displayed. With the current version, the following will appear : + CA certificates not supported by the pywbem library. + + [Regression] + None expected, the modification is already present in Vivid + + [Original description of the problem] + In order to support CA certificates in pywbem, we need pywbem 0.7.0-25 or later. On Ubuntu 12.04 and 14.04, the pywbem version is 0.7.0-4. 
I'm opening this bug to request that pywbem 0.7.0-25 or later to be packaged with Ubuntu 12.04 and 14.04 to support CA certificates. The two new parameters ca_cert and no_verification are needed in the Connection API to support CA certificates: conn = pywbem.WBEMConnection(url, - creds, - default_namespace=namespace, - x509=None, - verify_callback=None, - ca_certs=’/foo/cert_file.crt’, - no_verification=False) + creds, + default_namespace=namespace, + x509=None, + verify_callback=None, + ca_certs=’/foo/cert_file.crt’, + no_verification=False)
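Review bot: the [Test Case] script added to the description never exercises certificate verification: it sets self.cert = None, passes that as ca_certs, and builds the Provider with 'http://localhost', so a clean run only shows that WBEMConnection accepts the ca_certs and no_verification keywords. Since [Impact] is a MITM exposure, the test case should also cover a real CA file against an https endpoint, including one whose certificate that CA did not sign, and state the expected failure. Two smaller points in the same description: the print line and the _(...) messages appear without string quotes, and _ and exception are not defined anywhere in the script, so the "conn is None" branch could not run as written. The original-description prose also names the parameter ca_cert while the call uses ca_certs.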
[Bug 1385469] Re: pywbem library on Ubuntu doesn't support CA certificate verification
debdiff for SRU to utopic

** Patch added: pywbem_lp1385469_ca_cert_utopic.debdiff
   https://bugs.launchpad.net/ubuntu/+source/pywbem/+bug/1385469/+attachment/4292774/+files/pywbem_lp1385469_ca_cert_utopic.debdiff
[Bug 1385469] Re: pywbem library on Ubuntu doesn't support CA certificate verification
debdiff for SRU to trusty

** Patch added: pywbem_lp1385469_ca_cert_trusty.debdiff
   https://bugs.launchpad.net/ubuntu/+source/pywbem/+bug/1385469/+attachment/4292775/+files/pywbem_lp1385469_ca_cert_trusty.debdiff
[Bug 1385469] Re: pywbem library on Ubuntu doesn't support CA certificate verification
Hi Louis, We tested it and the package works. Thanks! There's an issue we ran into with the wbem_request function in pywbem. We had to modify it to work around the problem. This is a different problem. The CA cert fix you packaged in PPA works as expected. Thanks! Xing
[Bug 1385469] Re: pywbem library on Ubuntu doesn't support CA certificate verification
Hello Xing, Did you get a chance to test the package in the PPA ? Kind regards, ...Louis
[Bug 1385469] Re: pywbem library on Ubuntu doesn't support CA certificate verification
Hi Louis, We are currently testing it and ran into some issues. Need to do more investigation before reporting back to you on what the problem is. Thanks, Xing
[Bug 1385469] Re: pywbem library on Ubuntu doesn't support CA certificate verification
Thanks Louis! We'll give a try.
[Bug 1385469] Re: pywbem library on Ubuntu doesn't support CA certificate verification
Hello Xing, You can get test packages for Trusty and Utopic here : ppa:louis-bouchard/python-pywbem (https://launchpad.net/~louis-bouchard/+archive/ubuntu/python-pywbem) Please let me know as soon as you can get one of them tested, so I can proceed with the SRU. Kind regards, ...Louis

** Changed in: pywbem (Ubuntu Utopic)
       Status: Confirmed => In Progress
[Bug 1385469] Re: pywbem library on Ubuntu doesn't support CA certificate verification
Hi Louis, Yes, we can test this. Can you provide PPA please? Thanks! Xing
[Bug 1385469] Re: pywbem library on Ubuntu doesn't support CA certificate verification
Here is a code snippet:

    def _get_connection(self):
        try:
            conn = None
            # Newer pywbem accepts the ca_certs / no_verification keywords.
            conn = pywbem.WBEMConnection(self.url, (self.user, self.passwd),
                                         default_namespace='root/emc',
                                         x509=None,
                                         verify_callback=None,
                                         ca_certs=self.cert,
                                         no_verification=False)
        except TypeError:
            # Older pywbem rejects the unknown keyword arguments.
            LOG.info(_LI("CA certificates not supported by the pywbem library."))
            conn = pywbem.WBEMConnection(self.url, (self.user, self.passwd),
                                         default_namespace='root/emc')

        if conn is None:
            exception_message = (_("Cannot connect to ECOM server"))
            raise exception.VolumeBackendAPIException(data=exception_message)

        return conn
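A fail-closed variant of the capability check in the snippet above, added here as an example and not taken from the thread, from pywbem or from the driver. It inspects the constructor signature instead of catching TypeError and refuses to connect when the CA options are missing. LegacyWBEMConnection, FixedWBEMConnection, connect_verified and the sample URL and CA path are hypothetical stand-ins that only model the two constructor signatures named in the bug.

```python
import inspect


# Constructed stand-ins for the two library generations discussed in the
# thread. They model constructor signatures only, not real pywbem behaviour.
class LegacyWBEMConnection:
    def __init__(self, url, creds=None, default_namespace="root/cimv2"):
        self.url = url
        self.creds = creds
        self.default_namespace = default_namespace


class FixedWBEMConnection:
    def __init__(self, url, creds=None, default_namespace="root/cimv2",
                 x509=None, verify_callback=None, ca_certs=None,
                 no_verification=False):
        self.url = url
        self.creds = creds
        self.default_namespace = default_namespace
        self.ca_certs = ca_certs
        self.no_verification = no_verification


class VerificationUnsupported(RuntimeError):
    """Raised instead of falling back to an unverified connection."""


# Keyword arguments the bug report says the Connection API needs.
REQUIRED_KWARGS = ("ca_certs", "no_verification")


def supports_ca_verification(conn_cls):
    """Return True if the constructor names both CA-related keywords."""
    params = inspect.signature(conn_cls).parameters
    return all(name in params for name in REQUIRED_KWARGS)


def connect_verified(conn_cls, url, creds, namespace, ca_certs):
    """Build a connection with verification on, or refuse (hypothetical helper)."""
    if not supports_ca_verification(conn_cls):
        raise VerificationUnsupported(
            "%s lacks %s; refusing to connect without certificate verification"
            % (conn_cls.__name__, "/".join(REQUIRED_KWARGS)))
    return conn_cls(url, creds, default_namespace=namespace, x509=None,
                    verify_callback=None, ca_certs=ca_certs,
                    no_verification=False)


if __name__ == "__main__":
    # Constructed sample values, not from the bug report.
    args = ("https://ecom.example:5989", ("user", "secret"), "root/emc",
            "/etc/ssl/certs/example-ca.crt")
    print(connect_verified(FixedWBEMConnection, *args).ca_certs)
    try:
        connect_verified(LegacyWBEMConnection, *args)
    except VerificationUnsupported as err:
        print("refused:", err)
```

Unlike the except TypeError path, this check cannot be triggered by an unrelated TypeError raised inside the constructor, and the missing capability surfaces as an error instead of an INFO log line.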
[Bug 1385469] Re: pywbem library on Ubuntu doesn't support CA certificate verification
Xing Yang, I would like to know if you have the possibility to test the added functionality ? If so, I can have a test package made available through a PPA so you can test the functionality. A snippet of code would also be useful if you have such a thing. Kind regards, ...Loui