Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1283932

Summary: openstack command issue InsecurePlatformWarning warning
Product: Red Hat OpenStack Reporter: Pablo Caruana <pcaruana>
Component: python-openstackclientAssignee: Jakub Ruzicka <jruzicka>
Status: CLOSED NOTABUG QA Contact: Shai Revivo <srevivo>
Severity: low Docs Contact:
Priority: medium    
Version: 6.0 (Juno)CC: apevec, goeran, jruzicka, jschluet, lhh, rcernin, srevivo
Target Milestone: asyncKeywords: ZStream
Target Release: 8.0 (Liberty)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-03-01 00:42:09 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Pablo Caruana 2015-11-20 10:15:53 UTC 
When running openstack commands on a RHEL7 machine, using HTTPS URL:s to the services, every command starts with a warning:

/usr/lib/python2.7/site-packages/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning

According to the web page referred, this seems to be a problem that has been fixed in a later version. 

python-openstackclient-1.0.3-2.el7.noarch
pyOpenSSL-0.13.1-3.el7.x86_64
Comment 2 Pablo Caruana 2015-11-20 10:22:45 UTC 
Similar messages happens with OSP7 Bug 1242675 " When the undercloud is configured with SSL=true any Cli command produce multiple SSL SecurityWarning. (edit) "
	
If using the package python-ndg_httpsclient from EPEL makes these warnings go away so basically the workaround is:

export PYTHONWARNINGS="ignore:Certificate has no, ignore:A true SSLContext object is not available"
Comment 6 Jakub Ruzicka 2016-08-22 11:29:05 UTC 
This warning isn't present in RDO with pyOpenSSL-0.15.1-1.el7ost, can we add that (or higher) to OSP?
Comment 7 Robin Cernin 2016-08-29 11:35:02 UTC 
If we talk about the pyOpenSSL this package is shipped with the current RHEL Server repositories and [latest] in the pyOpenSSL package is 0.13.1-3.el7. then we need to negotiate on adding this package to current RHEL Server repo. Not the OSP one.
Comment 8 Robin Cernin 2016-09-01 07:59:10 UTC 
Issues which blocks pyOpenSSL-0.15.1-1.el7ost being shipped yet with RHEL
Comment 9 Alan Pevec 2017-03-01 00:42:09 UTC 
not openstackclient issue