Project

General

Profile

Actions
Copy link

Bug #39628

closed

mgr/dashboard: openssl exception when verifying certificates of HTTPS requests

Added by Ricardo Dias almost 5 years ago. Updated about 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Ricardo Dias
Category:
General - Back-end
Target version:
Ceph - v15.0.0
% Done:

0%

Source:
Tags:
Backport:
nautilus
Regression:
No
Severity:
1 - critical
Reviewed:
Affected Versions:
Ceph - v14.2.0, Ceph - v14.2.1
ceph-qa-suite:
Pull request ID:
28023
Crash signature (v1):
Crash signature (v2):

Description

When the dashboard backend tries to access an external service provided by a REST API with SSL enabled it fails to verify the connection's SSL certificate with the following stacktrace:

Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/cherrypy/_cprequest.py", line 670, in respond
    response.body = self.handler()
  File "/usr/lib/python3.6/site-packages/cherrypy/lib/encoding.py", line 221, in __call__
    self.body = self.oldhandler(*args, **kwargs)
  File "/usr/lib/python3.6/site-packages/cherrypy/_cptools.py", line 237, in wrap
    return self.newhandler(innerfunc, *args, **kwargs)
  File "/usr/share/ceph/mgr/dashboard/services/exception.py", line 88, in dashboard_exception_handler
    return handler(*args, **kwargs)
  File "/usr/lib/python3.6/site-packages/cherrypy/_cpdispatch.py", line 60, in __call__
    return self.callable(*self.args, **self.kwargs)
  File "/usr/share/ceph/mgr/dashboard/controllers/__init__.py", line 649, in inner
    ret = func(*args, **kwargs)
  File "/usr/share/ceph/mgr/dashboard/controllers/grafana.py", line 37, in validation
    response = grafana.url_validation(method, url)
  File "/usr/share/ceph/mgr/dashboard/controllers/grafana.py", line 16, in url_validation
    path, verify=False)
  File "/usr/lib/python3.6/site-packages/requests/api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 524, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 637, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 449, in send
    timeout=timeout
  File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen
    chunked=chunked)
  File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 343, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 839, in _validate_conn
    conn.connect()
  File "/usr/lib/python3.6/site-packages/urllib3/connection.py", line 332, in connect
    cert_reqs=resolve_cert_reqs(self.cert_reqs),
  File "/usr/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 281, in create_urllib3_context
    context.verify_mode = cert_reqs
  File "/usr/lib/python3.6/site-packages/urllib3/contrib/pyopenssl.py", line 412, in verify_mode
    _verify_callback
  File "/usr/lib/python3.6/site-packages/OpenSSL/SSL.py", line 1061, in set_verify
    self._verify_helper = _VerifyHelper(callback)
  File "/usr/lib/python3.6/site-packages/OpenSSL/SSL.py", line 337, in __init__
    "int (*)(int, X509_STORE_CTX *)", wrapper)
SystemError: <built-in method callback of CompiledFFI object at 0x7efe00acf5b8> returned NULL without setting an error

Related issues 1 (0 open1 closed)

Copied to Dashboard - Backport #39962: nautilus: mgr/dashboard: openssl exception when verifying certificates of HTTPS requestsResolvedNathan CutlerActions
Actions
Copy link

Also available in: Atom PDF