This is on RHEL 6.4 with ipa 3.0.0.
Any random command, I'm doing a cert-show here:
# ipa cert-show 1 ipa: ERROR: cert validation failed for "CN=pacer.greyoak.com,O=GREYOAK.COM" ((SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.) ipa: ERROR: non-public: AttributeError: KerbTransport instance has no attribute '_conn' Traceback (most recent call last): File "/usr/lib/python2.6/site-packages/ipalib/backend.py", line 129, in execute result = self.Command[_name](*args, **options) File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in __call__ ret = self.run(*args, **options) File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 748, in run return self.forward(*args, **options) File "/usr/lib/python2.6/site-packages/ipalib/plugins/cert.py", line 519, in forward return super(cert_show, self).forward(*keys, **options) File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 769, in forward return self.Backend.xmlclient.forward(self.name, *args, **kw) File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 728, in forward response = command(*xml_wrap(params)) File "/usr/lib64/python2.6/xmlrpclib.py", line 1199, in __call__ return self.__send(self.__name, args) File "/usr/lib64/python2.6/xmlrpclib.py", line 1489, in __request verbose=self.__verbose File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 475, in request self.close() File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 442, in close self._conn.close() AttributeError: KerbTransport instance has no attribute '_conn' ipa: ERROR: an internal error has occurred
We've seen this in the past, trying to close a connection that isn't there. There may already be a ticket on it. I opened this since it is such an easy reproducer. Just set the time past when the CA expires.
We think that this already fixed.
Moving stabilization tickets that do not affect FreeIPA 4.0 release usability in any significant way to 4.0.1 stabilization milestone.
FreeIPA 4.0.1 was released, moving to next bugfixing release milestone.
Works for me on IPA 4 master:
ipa cert-show 1 ipa: ERROR: cert validation failed for "CN=example.com,O=EXAMPLE.REDHAT.COM" ((SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.) ipa: ERROR: cannot connect to 'https://example.com/ipa/json': (SEC_ERROR_EXPIRED_CERTIFICATE) Peer's Certificate has expired.
Won't fix for 3.x
It is a wontfix - no clone.
Metadata Update from @rcritten: - Issue assigned to mbasti - Issue set to the milestone: FreeIPA 4.0.2
Login to comment on this ticket.