Script 'mail_helper' called by ro Hello packager, This is just FYI. Your package was checked in in distribution "sle12" by autobuild-member: ro. Here comes the log... ---------------------------%<------------------------------ Hi, here is the log from ci_new_pac /mounts/work_src_done/SLE12/yast2-registration -> sle12 ## BNC# 891940 : "Build0665: Cannot register against SMT with self-signed certificate" (RESOLVED/FIXED) Changes: -------- --- /work/SRC/SUSE:SLE-12:GA/yast2-registration/yast2-registration.changes 2014-08-14 16:34:24.000000000 +0200 +++ /mounts/work_src_done/SLE12/yast2-registration/yast2-registration.changes 2014-08-15 09:24:11.000000000 +0200 @@ -1,0 +2,7 @@ +Thu Aug 14 15:23:54 UTC 2014 - lslezak@suse.cz + +- fixed importing SSL certificate, log errors in the SSL verify + callback (bnc#891940) +- 3.1.103 + +------------------------------------------------------------------- calling whatdependson for sle12-i586 Packages directly triggered for rebuild: - yast2-registration ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/SUSE:SLE-12:GA/yast2-registration (Old) and /mounts/work_src_done/SLE12/yast2-registration (BS:build ID:42699 MAIL:yast-commit@opensuse.org) (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "yast2-registration", Maintainer is "yast-commit@opensuse.org" Old: ---- yast2-registration-3.1.102.tar.bz2 New: ---- yast2-registration-3.1.103.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-registration.spec ++++++ --- /var/tmp/diff_new_pack.m5qZ5t/_old 2014-08-15 12:13:36.000000000 +0200 +++ /var/tmp/diff_new_pack.m5qZ5t/_new 2014-08-15 12:13:36.000000000 +0200 @@ -17,7 +17,7 @@ Name: yast2-registration -Version: 3.1.102 +Version: 3.1.103 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build ++++++ yast2-registration-3.1.102.tar.bz2 -> yast2-registration-3.1.103.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-registration-3.1.102/package/yast2-registration.changes new/yast2-registration-3.1.103/package/yast2-registration.changes --- old/yast2-registration-3.1.102/package/yast2-registration.changes 2014-08-14 15:24:48.000000000 +0200 +++ new/yast2-registration-3.1.103/package/yast2-registration.changes 2014-08-15 09:19:48.000000000 +0200 @@ -1,4 +1,11 @@ ------------------------------------------------------------------- +Thu Aug 14 15:23:54 UTC 2014 - lslezak@suse.cz + +- fixed importing SSL certificate, log errors in the SSL verify + callback (bnc#891940) +- 3.1.103 + +------------------------------------------------------------------- Thu Aug 14 12:34:50 UTC 2014 - lslezak@suse.cz - do not crash when SSL certificate download fails (bnc#891896) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-registration-3.1.102/package/yast2-registration.spec new/yast2-registration-3.1.103/package/yast2-registration.spec --- old/yast2-registration-3.1.102/package/yast2-registration.spec 2014-08-14 15:24:48.000000000 +0200 +++ new/yast2-registration-3.1.103/package/yast2-registration.spec 2014-08-15 09:19:48.000000000 +0200 @@ -17,7 +17,7 @@ Name: yast2-registration -Version: 3.1.102 +Version: 3.1.103 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-registration-3.1.102/src/lib/registration/registration.rb new/yast2-registration-3.1.103/src/lib/registration/registration.rb --- old/yast2-registration-3.1.102/src/lib/registration/registration.rb 2014-08-14 15:24:48.000000000 +0200 +++ new/yast2-registration-3.1.103/src/lib/registration/registration.rb 2014-08-15 09:19:48.000000000 +0200 @@ -149,21 +149,29 @@ # returns SSL verify callback def verify_callback lambda do |verify_ok, context| - # we cannot raise an exception with details here (all exceptions in - # verify_callback are caught and ignored), we need to store the error - # details in a global instance - if !verify_ok - log.error "SSL verification failed: #{context.error}: #{context.error_string}" - Storage::SSLErrors.instance.ssl_error_code = context.error - Storage::SSLErrors.instance.ssl_error_msg = context.error_string - Storage::SSLErrors.instance.ssl_failed_cert = context.current_cert ? - SslCertitificate.load(context.current_cert) : nil - end + begin + # we cannot raise an exception with details here (all exceptions in + # verify_callback are caught and ignored), we need to store the error + # details in a global instance + store_ssl_error(context) unless verify_ok - verify_ok + verify_ok + rescue Exception => e + log.error "Exception in SSL verify callback: #{e.class}: #{e.message} : #{e.backtrace}" + # the exception will be ignored, but reraise anyway... + raise e + end end end + def store_ssl_error(context) + log.error "SSL verification failed: #{context.error}: #{context.error_string}" + Storage::SSLErrors.instance.ssl_error_code = context.error + Storage::SSLErrors.instance.ssl_error_msg = context.error_string + Storage::SSLErrors.instance.ssl_failed_cert = context.current_cert ? + SslCertificate.load(context.current_cert) : nil + end + def connect_params(params) default_params = { :language => ::Registration::Helpers.language, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-registration-3.1.102/test/registration_spec.rb new/yast2-registration-3.1.103/test/registration_spec.rb --- old/yast2-registration-3.1.102/test/registration_spec.rb 2014-08-14 15:24:48.000000000 +0200 +++ new/yast2-registration-3.1.103/test/registration_spec.rb 2014-08-15 09:19:49.000000000 +0200 @@ -111,4 +111,43 @@ end end + describe "#verify_callback" do + let(:registration) { Registration::Registration.new } + let(:callback) { registration.send(:verify_callback) } + let(:error_code) { 19 } + let(:error_string) { "self signed certificate in certificate chain" } + # SSL error context + let(:context) { double(:error => error_code, :error_string => error_string) } + + it "stores the SSL error details" do + certificate = File.read(fixtures_file("test.pem")) + expect(context).to receive(:current_cert).and_return(certificate).twice + + storage = Registration::Storage::SSLErrors.instance + expect(storage).to receive(:ssl_error_code=).with(error_code) + expect(storage).to receive(:ssl_error_msg=).with(error_string) + expect(storage).to receive(:ssl_failed_cert=). + with(an_instance_of(Registration::SslCertificate)) + + expect { callback.call(false, context) }.to_not raise_error + end + + it "logs the exception raised inside" do + # set an invalid certificate to throw an exception in the callback + expect(context).to receive(:current_cert). + and_return("INVALID CERTIFICATE").twice + + logger = double + expect(logger).to receive(:error).with(/SSL verification failed:/) + # the exception is logged + expect(logger).to receive(:error).with( + /Exception in SSL verify callback: OpenSSL::X509::CertificateError/) + + allow(registration).to receive(:log).and_return(logger) + + # the exception is re-raised + expect { callback.call(false, context) }.to raise_error OpenSSL::X509::CertificateError + end + end + end continue with "q"... Checked in at Fri Aug 15 12:14:05 CEST 2014 by ro Remember to have fun... -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org