Since the latest
python-libs package update (
2.7.5-58.el7) its behavior about untrusted certificates has been changed (link) :
Note: The Python standard library was updated to enable certificate verification by default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1219110) https://access.redhat.com/articles/2039753
i.e. it now check if certificate is trusted by default. As a result, the following errors appear on attempt to work with Billing API or APS API methods via Python (API interfaces with SSL enabled):
Stdout: Traceback (most recent call last): File "/usr/local/bm/tools_py/connect_to_poa.py", line 148, in <module> update_pemgate(api_ip, api_port, o.is_ssl_enabled, o.api_login, o.api_passwd) File "/usr/local/bm/tools_py/connect_to_poa.py", line 73, in update_pemgate api.PEMGATE.PEMOptionsUpdate(api_ip, api_port, 6, 1) File "/usr/lib/python2.7/site-packages/poaupdater/pbaapi.py", line 81, in __call__ return self.server.api(self.server.name, self.name, *args) ... File "/usr/lib64/python2.7/ssl.py", line 833, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)
This behavior has been reported to Odin Development team as request #POA-112708: "Upgrade failed if MN on RHEL7 (not CentOS) with Python < 2.7.9".
Please contact Technical Account Manager or firstname.lastname@example.org to trace the status of the request.
In order to workaround the issue disable certificate verification in
/etc/python/cert-verification.cfg configuration file by specifying the following line: