| 2017-02-28 05:12:43 |
James Hebden |
description |
When setting landscape-client's ssl-public-key setting to a base64-encoded PEM-format CA or self-signed certificate, the client.conf is updated to include the base64 value. This does not appear to work, at least with 16.03 and 16.06 clients.
Attempts to register or communicate with Landscape fail with and "Error 77" from PyCurl.
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/landscape/broker/transport.py", line 71, in exchange
message_api)
File "/usr/lib/python2.7/dist-packages/landscape/broker/transport.py", line 45, in _curl
headers=headers, cainfo=self._pubkey, curl=curl))
File "/usr/lib/python2.7/dist-packages/landscape/lib/fetch.py", line 109, in fetch
raise PyCurlError(e.args[0], e.args[1])
PyCurlError: Error 77:
Using the exact same certificate, non-base64 encoded, in PEM format (as in /etc/ssl/certs/landscape_server_ca.crt, which appears to be placed by the charm) - configuring the location of the PEM file in client.conf, the transaction (registration/update) works correctly.
client.conf:
ssl_public_key = /etc/ssl/certs/landscape_server_ca.crt
I have tested this with Landscape client 16.03 and 16.06, installed from the Xenial default repos, and https://launchpad.net/~landscape/+archive/ubuntu/16.06 respectively - both show the same behaviour unless a filename is used to configure the location of the public certificate used by landscape client in client.conf.
Ubuntu 16.04
landscape-client charm r55 from https://code.launchpad.net/~landscape-charmers/charms/trusty/landscape-client/trunk (latest from Charm store shows this behaviour, also) |
When setting landscape-client's ssl-public-key setting to a base64-encoded PEM-format CA or self-signed certificate, the client.conf is updated to include the base64 value. This does not appear to work, at least with 16.03 and 16.06 clients.
Attempts to register or communicate with Landscape fail with and "Error 77" from PyCurl.
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/landscape/broker/transport.py", line 71, in exchange
message_api)
File "/usr/lib/python2.7/dist-packages/landscape/broker/transport.py", line 45, in _curl
headers=headers, cainfo=self._pubkey, curl=curl))
File "/usr/lib/python2.7/dist-packages/landscape/lib/fetch.py", line 109, in fetch
raise PyCurlError(e.args[0], e.args[1])
PyCurlError: Error 77:
Using the exact same certificate, non-base64 encoded, in PEM format (as in /etc/ssl/certs/landscape_server_ca.crt, which appears to be placed by the charm) - configuring the location of the PEM file in client.conf, the transaction (registration/update) works correctly.
client.conf:
ssl_public_key = /etc/ssl/certs/landscape_server_ca.crt
I have tested this with Landscape client 16.03 and 16.06, installed from the Xenial default repos, and https://launchpad.net/~landscape/+archive/ubuntu/16.06 respectively - both show the same behaviour unless a filename is used to configure the location of the public certificate used by landscape client in client.conf.
Ubuntu 16.04
landscape-client charm: latest from Charm store. |
|
