Univention Bugzilla – Bug 49471
schoolimport/ping: ConnectionError: hostname '**' doesn't match '**' (SSL certificate verification error)
Last modified: 2023-03-02 16:01:39 CET
+++ This bug was initially created as a clone of Bug #47911 +++ Reported again with a higher version: Version: 4.4-0 errata59 (Blumenthal) - UCS@school 4.4 v2 Interner Server-Fehler in "schoolimport/ping". Request: schoolimport/ping Traceback (most recent call last): File "%PY2.7%/univention/management/console/protocol/modserver.py", line 186, in _recv self.handle(msg) File "%PY2.7%/univention/management/console/protocol/modserver.py", line 296, in handle self.__handler.init() File "%PY2.7%/univention/management/console/modules/schoolimport/__init__.py", line 62, in init self.client = Client(self.username, self.password, log_level=Client.LOG_RESPONSE) File "%PY2.7%/ucsschool/http_api/client.py", line 383, in __init__ setattr(self, cls_name, kls(self)) File "%PY2.7%/ucsschool/http_api/client.py", line 475, in __init__ self.resource_url = self.client.resource_urls[self.resource_name] File "%PY2.7%/ucsschool/http_api/client.py", line 393, in resource_urls self._resource_urls = self.call_api('get', '.') File "%PY2.7%/ucsschool/http_api/client.py", line 452, in call_api raise ConnectionError(str(exc)) ConnectionError: hostname '****' doesn't match '****' Role: domaincontroller_master
reported again: Version: 4.4-5 errata686 (Blumenthal) - UCS@school 4.4 v5 Remark: Aufruf des grafischen Benutzerimports der UMC Error: Interner Server-Fehler in "schoolimport/ping". Request: schoolimport/ping Traceback (most recent call last): File "%PY2.7%/univention/management/console/base.py", line 359, in __error_handling six.reraise(etype, exc, etraceback) File "%PY2.7%/univention/management/console/protocol/modserver.py", line 198, in _recv self.handle(msg) File "%PY2.7%/univention/management/console/protocol/modserver.py", line 268, in handle six.reraise(self.__init_etype, self.__init_exc, self.__init_etraceback) File "%PY2.7%/univention/management/console/protocol/modserver.py", line 309, in handle self.__handler.init() File "%PY2.7%/univention/management/console/modules/schoolimport/__init__.py", line 69, in init ssl_verify=ssl_verify, File "%PY2.7%/ucsschool/http_api/client.py", line 383, in __init__ setattr(self, cls_name, kls(self)) File "%PY2.7%/ucsschool/http_api/client.py", line 475, in __init__ self.resource_url = self.client.resource_urls[self.resource_name] File "%PY2.7%/ucsschool/http_api/client.py", line 393, in resource_urls self._resource_urls = self.call_api('get', '.') File "%PY2.7%/ucsschool/http_api/client.py", line 452, in call_api raise ConnectionError(str(exc)) ConnectionError: hostname '****' doesn't match either of '****', '****' Role: domaincontroller_master
reported by Ingo Steuwer (univention) Version: 5.0-1 errata292 - UCS@school 5.0 v1 Remark: occured on our internal demo system primus.schule-univention.de Error: Interner Server-Fehler in "schoolimport/ping". Request: schoolimport/ping Traceback (most recent call last): File "%PY3%/urllib3/connectionpool.py", line 600, in urlopen chunked=chunked) File "%PY3%/urllib3/connectionpool.py", line 343, in _make_request self._validate_conn(conn) File "%PY3%/urllib3/connectionpool.py", line 841, in _validate_conn conn.connect() File "%PY3%/urllib3/connection.py", line 364, in connect _match_hostname(cert, self.assert_hostname or server_hostname) File "%PY3%/urllib3/connection.py", line 374, in _match_hostname match_hostname(cert, asserted_hostname) File "/usr/lib/python3.7/ssl.py", line 327, in match_hostname % (hostname, dnsnames[0])) ssl.SSLCertVerificationError: ("hostname 'primus.schule-univention.intranet' doesn't match 'primus.schule-univention.de'",) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "%PY3%/requests/adapters.py", line 449, in send timeout=timeout File "%PY3%/urllib3/connectionpool.py", line 638, in urlopen _stacktrace=sys.exc_info()[2]) File "%PY3%/urllib3/util/retry.py", line 398, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='primus.schule-univention.intranet', port=443): Max retries exceeded with url: /api/v1/ (Caused by SSLError(SSLCertVerificationError("hostname 'primus.schule-univention.intranet' doesn't match 'primus.schule-univention.de'"))) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "%PY3%/ucsschool/http_api/client.py", line 485, in call_api response = meth(**request_kwargs) File "%PY3%/requests/api.py", line 75, in get return request('get', url, params=params, **kwargs) File "%PY3%/requests/api.py", line 60, in request return session.request(method=method, url=url, **kwargs) File "%PY3%/requests/sessions.py", line 533, in request resp = self.send(prep, **send_kwargs) File "%PY3%/requests/sessions.py", line 646, in send r = adapter.send(request, **kwargs) File "%PY3%/requests/adapters.py", line 514, in send raise SSLError(e, request=request) requests.exceptions.SSLError: HTTPSConnectionPool(host='primus.schule-univention.intranet', port=443): Max retries exceeded with url: /api/v1/ (Caused by SSLError(SSLCertVerificationError("hostname 'primus.schule-univention.intranet' doesn't match 'primus.schule-univention.de'"))) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "%PY3%/univention/management/console/base.py", line 344, in __error_handling six.reraise(etype, exc, etraceback) File "%PY3%/six.py", line 693, in reraise raise value File "%PY3%/univention/management/console/protocol/modserver.py", line 202, in _recv self.handle(msg) File "%PY3%/univention/management/console/protocol/modserver.py", line 270, in handle six.reraise(self.__init_etype, self.__init_exc, self.__init_etraceback) File "%PY3%/six.py", line 692, in reraise raise value.with_traceback(tb) File "%PY3%/univention/management/console/protocol/modserver.py", line 311, in handle self.__handler.init() File "%PY3%/univention/management/console/modules/schoolimport/__init__.py", line 80, in init ssl_verify=ssl_verify, File "%PY3%/ucsschool/http_api/client.py", line 400, in __init__ setattr(self, cls_name, kls(self)) File "%PY3%/ucsschool/http_api/client.py", line 522, in __init__ self.resource_url = self.client.resource_urls[self.resource_name] File "%PY3%/ucsschool/http_api/client.py", line 416, in resource_urls self._resource_urls = self.call_api("get", ".") File "%PY3%/ucsschool/http_api/client.py", line 487, in call_api raise ConnectionError(str(exc)) ucsschool.http_api.client.ConnectionError: HTTPSConnectionPool(host='primus.schule-univention.intranet', port=443): Max retries exceeded with url: /api/v1/ (Caused by SSLError(SSLCertVerificationError("hostname 'primus.schule-univention.intranet' doesn't match 'primus.schule-univention.de'"))) Role: domaincontroller_master
reported with a slightly different exception line: 2022102521000443 Version: 4.4-9 errata1324 (Blumenthal) - UCS@school 4.4 v9 Remark: Ich versuche in der Paedml Linux 7.2. den Benutzerimport zu starten Error: Interner Server-Fehler in "schoolimport/ping". Request: schoolimport/ping Traceback (most recent call last): File "%PY2.7%/univention/management/console/base.py", line 359, in __error_handling six.reraise(etype, exc, etraceback) File "%PY2.7%/univention/management/console/protocol/modserver.py", line 202, in _recv self.handle(msg) File "%PY2.7%/univention/management/console/protocol/modserver.py", line 272, in handle six.reraise(self.__init_etype, self.__init_exc, self.__init_etraceback) File "%PY2.7%/univention/management/console/protocol/modserver.py", line 313, in handle self.__handler.init() File "%PY2.7%/univention/management/console/modules/schoolimport/__init__.py", line 80, in init ssl_verify=ssl_verify, File "%PY2.7%/ucsschool/http_api/client.py", line 413, in __init__ setattr(self, cls_name, kls(self)) File "%PY2.7%/ucsschool/http_api/client.py", line 533, in __init__ self.resource_url = self.client.resource_urls[self.resource_name] File "%PY2.7%/ucsschool/http_api/client.py", line 429, in resource_urls self._resource_urls = self.call_api("get", ".") File "%PY2.7%/ucsschool/http_api/client.py", line 498, in call_api raise ConnectionError(str(exc)) ConnectionError: HTTPSConnectionPool(host='***', port=443): Max retries exceeded with url: /api/v1/ (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)'),)) Role: domaincontroller_master
reported again. The import is not usable. Do the ucr V from Bug 47911 are still valid as a workaround?
(In reply to Christina Scheinig from comment #5) > reported again. The import is not usable. > Do the ucr V from Bug 47911 are still valid as a workaround? Setting the ucr Variables still work, but the umc-webserver service has to be restarted.