VMTP not possible to connect with https server.

Bug #1602048 reported by dengjian
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
vmtp
New
Undecided
Unassigned

Bug Description

Try to connect and test with OpenStack https server, got follow error log:

2016-07-12 00:50:12,521 INFO Using https://172.16.0.3:5000/v2.0
2016-07-12 00:50:12,522 INFO VM public key: /tmp/ssh/id_rsa.pub
2016-07-12 00:50:12,522 INFO VM private key: /tmp/ssh/id_rsa
/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:318: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#snimissingwarning.
  SNIMissingWarning
/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:122: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
2016-07-12 00:50:12,946 ERROR Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/vmtp/vmtp.py", line 426, in run
    self.setup()
  File "/usr/local/lib/python2.7/dist-packages/vmtp/vmtp.py", line 206, in setup
    self.comp.init_key_pair(self.config.public_key_name, self.instance_access)
  File "/usr/local/lib/python2.7/dist-packages/vmtp/compute.py", line 136, in init_key_pair
    return self.add_public_key(kp_name, ssh_access.public_key_file)
  File "/usr/local/lib/python2.7/dist-packages/vmtp/compute.py", line 118, in add_public_key
    self.remove_public_key(name)
  File "/usr/local/lib/python2.7/dist-packages/vmtp/compute.py", line 97, in remove_public_key
    keypair_list = self.novaclient.keypairs.list()
  File "/usr/local/lib/python2.7/dist-packages/novaclient/api_versions.py", line 378, in substitution
    return methods[-1].func(obj, *args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/novaclient/v2/keypairs.py", line 163, in list
    return self._list('/%s' % self.keypair_prefix, 'keypairs')
  File "/usr/local/lib/python2.7/dist-packages/novaclient/base.py", line 242, in _list
    resp, body = self.api.client.get(url)
  File "/usr/local/lib/python2.7/dist-packages/novaclient/client.py", line 481, in get
    return self._cs_request(url, 'GET', **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/novaclient/client.py", line 437, in _cs_request
    self.authenticate()
  File "/usr/local/lib/python2.7/dist-packages/novaclient/client.py", line 594, in authenticate
    auth_url = self._v2_auth(auth_url)
  File "/usr/local/lib/python2.7/dist-packages/novaclient/client.py", line 685, in _v2_auth
    return self._authenticate(url, body)
  File "/usr/local/lib/python2.7/dist-packages/novaclient/client.py", line 698, in _authenticate
    **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/novaclient/client.py", line 432, in _time_request
    resp, body = self.request(url, method, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/novaclient/client.py", line 397, in request
    **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 57, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 475, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 585, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 477, in send
    raise SSLError(e, request=request)
SSLError: [Errno 1] _ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

2016-07-12 00:50:12,947 INFO Cleaning up...
/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:122: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
Traceback (most recent call last):
  File "/usr/local/bin/vmtp", line 11, in <module>
    sys.exit(main())
  File "/usr/local/lib/python2.7/dist-packages/vmtp/vmtp.py", line 1142, in main
    run_vmtp(opts)
  File "/usr/local/lib/python2.7/dist-packages/vmtp/vmtp.py", line 1107, in run_vmtp
    vmtp_instance.run()
  File "/usr/local/lib/python2.7/dist-packages/vmtp/vmtp.py", line 438, in run
    self.teardown()
  File "/usr/local/lib/python2.7/dist-packages/vmtp/vmtp.py", line 411, in teardown
    self.comp.remove_public_key(self.config.public_key_name)
  File "/usr/local/lib/python2.7/dist-packages/vmtp/compute.py", line 97, in remove_public_key
    keypair_list = self.novaclient.keypairs.list()
  File "/usr/local/lib/python2.7/dist-packages/novaclient/api_versions.py", line 378, in substitution
    return methods[-1].func(obj, *args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/novaclient/v2/keypairs.py", line 163, in list
    return self._list('/%s' % self.keypair_prefix, 'keypairs')
  File "/usr/local/lib/python2.7/dist-packages/novaclient/base.py", line 242, in _list
    resp, body = self.api.client.get(url)
  File "/usr/local/lib/python2.7/dist-packages/novaclient/client.py", line 481, in get
    return self._cs_request(url, 'GET', **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/novaclient/client.py", line 437, in _cs_request
    self.authenticate()
  File "/usr/local/lib/python2.7/dist-packages/novaclient/client.py", line 594, in authenticate
    auth_url = self._v2_auth(auth_url)
  File "/usr/local/lib/python2.7/dist-packages/novaclient/client.py", line 685, in _v2_auth
    return self._authenticate(url, body)
  File "/usr/local/lib/python2.7/dist-packages/novaclient/client.py", line 698, in _authenticate
    **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/novaclient/client.py", line 432, in _time_request
    resp, body = self.request(url, method, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/novaclient/client.py", line 397, in request
    **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 57, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 475, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 585, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 477, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: [Errno 1] _ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

dengjian (dengjian111)
description: updated
Revision history for this message
Yichen Wang (yicwang) wrote :

VMTP does support TLS. So can you make sure you have the required information in in your environment or openrc file, and the certificate file is exist in your filesystem. Also please let me know your VMTP version, that will help as well.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.