[Freeipa-devel] python-nss-1.0.0-2.fc24.x86_64 from updates-testing breaks FreeIPA client API
Alexander Bokovoy
abokovoy at redhat.com
Thu Sep 29 08:14:50 UTC 2016
On to, 29 syys 2016, Martin Babinsky wrote:
>Hi list,
>
>today I noticed the following exceptions in my VMs when
>installing/using FreeIPA:
>
>"""
># ipa ping
>exception in SSLSocket.handshake_callback
>Traceback (most recent call last):
> File "/usr/lib/python2.7/site-packages/ipapython/nsslib.py", line
>258, in handshake_callback
> channel = sock.get_ssl_channel_info()
>nss.error.NSPRError: (SEC_ERROR_INVALID_ARGS) security library:
>invalid arguments.
>--------------------------------------------
>IPA server version 4.4.90. API version 2.215
>--------------------------------------------
>"""
>
>This was caused by python-nss-1.0.0-2.fc24.x86_64 which was pushed to
>updates-testing. Reverting the package to previous versions fixed the
>problem.
python-nss-1.0.0-1.fc25 (note fc25) works fine. There is no 1.0.0-2.fc25
which is a packaging bug, but that's should not be bringing any
difference as the tarball (1.0.0) is the same and no additional patches
were applied.
Also, we didn't have any changes between 4.4.1 and git master that could
have affected ipapython/nsslib.py other than 0f88f8fe889ae4801fc8d5ece1ad51c5246718ac,
which is this chunk of changes:
diff --git a/ipapython/nsslib.py b/ipapython/nsslib.py
index 1573de9..f9f64c1 100644
--- a/ipapython/nsslib.py
+++ b/ipapython/nsslib.py
@@ -234,7 +234,7 @@ class NSSConnection(httplib.HTTPConnection,
NSSAddressFamilyFallback):
self.sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True)
try:
self.sock.set_ssl_version_range(self.tls_version_min, self.tls_version_max)
- except NSPRError as e:
+ except NSPRError:
root_logger.error('Failed to set TLS range to %s, %s' % (self.tls_version_min, self.tls_version_max))
raise
self.sock.set_ssl_option(ssl_require_safe_negotiation, False)
e.g. nothing that is relevant to the trace you provided.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list