[Python-modules-team] Bug#971872: python3-winrm: Does not work with self-signed certificates

Jan Hudec bulb at ucw.cz
Thu Oct 8 21:42:43 BST 2020 

Package: python3-winrm
Version: 0.3.0-2
Severity: normal
Tags: upstream

Dear Maintainer,

server_cert_validation 'ignore' does not work in 0.3.0. This is mainly
problem with virtual machines (e.g. provisioning them using ansible) as they
start out with just self-signed certificate.

E.g. running ansible from vagrant results in:

    fatal: [default]: UNREACHABLE! => {"changed": false, "msg": "ssl: HTTPSConnectionPool(host='127.0.0.1', port=55985): Max retries exceeded with url: /wsman (Caused by SSLError(SSLError(\"bad handshake: Error([('SSL routines', 'ssl3_get_record', 'wrong version number')])\")))", "unreachable": true}

It can be resolved by forcing plain html (which is good enough for virtuals
on localhost), but everybody must find out first.

The problem was already reported to upstream long ago as
https://github.com/diyan/pywinrm/issues/201 and should be fixed in release
0.4.0.

Regards,
Jan

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
     ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'oldstable-updates'), (500, 'unstable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: x32, i386

Kernel: Linux 5.8.0-2-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en_US
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages python3-winrm depends on:
ii  python3                3.8.2-3
ii  python3-requests       2.23.0+dfsg-2
ii  python3-requests-ntlm  1.1.0-1
ii  python3-six            1.15.0-1
ii  python3-xmltodict      0.12.0-2

Versions of packages python3-winrm recommends:
ii  python3-requests-kerberos  0.12.0-2

python3-winrm suggests no packages.

-- no debconf information

More information about the Python-modules-team mailing list