-
Bug
-
Resolution: Unresolved
-
Major
-
rhel-9.5
-
ipa-4.13.1-2.el9
-
None
-
Moderate
-
1
-
rhel-idm-ipa
-
24
-
26
-
0
-
QE ack, Dev ack
-
False
-
False
-
-
No
-
IPA: RHELs for 10.2 and 9.8
-
Pass
-
Manual
-
Unspecified Release Note Type - Unknown
-
Unspecified
-
Unspecified
-
Unspecified
-
None
What were you trying to do that didn't work?
When using xml-rpc to query host_show, following error message appeared
[Thu Dec 11 10:04:39.589600 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] ipa: ERROR: WSGI xmlserver_session.__call__(): [Thu Dec 11 10:04:39.589624 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] Traceback (most recent call last): [Thu Dec 11 10:04:39.589629 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] File "/usr/lib/python3.9/site-packages/ipaserver/rpcserver.py", line 490, in __call__ [Thu Dec 11 10:04:39.589634 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] response = self.wsgi_execute(environ) [Thu Dec 11 10:04:39.589637 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] File "/usr/lib/python3.9/site-packages/ipaserver/rpcserver.py", line 475, in wsgi_execute [Thu Dec 11 10:04:39.589641 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] return self.marshal(result, error, _id, version) [Thu Dec 11 10:04:39.589645 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] File "/usr/lib/python3.9/site-packages/ipaserver/rpcserver.py", line 850, in marshal [Thu Dec 11 10:04:39.589649 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] dump = xml_dumps(response, version, methodresponse=True) [Thu Dec 11 10:04:39.589661 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] File "/usr/lib/python3.9/site-packages/ipalib/rpc.py", line 299, in xml_dumps [Thu Dec 11 10:04:39.589723 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] params = xml_wrap(params, version) [Thu Dec 11 10:04:39.589727 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] File "/usr/lib/python3.9/site-packages/ipalib/rpc.py", line 192, in xml_wrap [Thu Dec 11 10:04:39.589733 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] return tuple(xml_wrap(v, version) for v in value) [Thu Dec 11 10:04:39.589771 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] File "/usr/lib/python3.9/site-packages/ipalib/rpc.py", line 192, in <genexpr> [Thu Dec 11 10:04:39.589777 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] return tuple(xml_wrap(v, version) for v in value) [Thu Dec 11 10:04:39.589782 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] File "/usr/lib/python3.9/site-packages/ipalib/rpc.py", line 194, in xml_wrap [Thu Dec 11 10:04:39.589787 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] return dict( [Thu Dec 11 10:04:39.589795 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] File "/usr/lib/python3.9/site-packages/ipalib/rpc.py", line 195, in <genexpr> [Thu Dec 11 10:04:39.589834 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] (k, xml_wrap(v, version)) for (k, v) in value.items() [Thu Dec 11 10:04:39.589843 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] File "/usr/lib/python3.9/site-packages/ipalib/rpc.py", line 194, in xml_wrap [Thu Dec 11 10:04:39.589878 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] return dict( [Thu Dec 11 10:04:39.589882 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] File "/usr/lib/python3.9/site-packages/ipalib/rpc.py", line 195, in <genexpr> [Thu Dec 11 10:04:39.589887 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] (k, xml_wrap(v, version)) for (k, v) in value.items() [Thu Dec 11 10:04:39.589891 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] File "/usr/lib/python3.9/site-packages/ipalib/rpc.py", line 192, in xml_wrap [Thu Dec 11 10:04:39.589896 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] return tuple(xml_wrap(v, version) for v in value) [Thu Dec 11 10:04:39.589934 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] File "/usr/lib/python3.9/site-packages/ipalib/rpc.py", line 192, in <genexpr> [Thu Dec 11 10:04:39.589939 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] return tuple(xml_wrap(v, version) for v in value) [Thu Dec 11 10:04:39.589947 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] File "/usr/lib/python3.9/site-packages/ipalib/rpc.py", line 231, in xml_wrap [Thu Dec 11 10:04:39.589983 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] assert type(value) in (unicode, float, int, bool, type(None)) [Thu Dec 11 10:04:39.589989 2025] [wsgi:error] [pid 107360:tid 107658] [remote 10.22.16.202:45978] AssertionError
The AssertionError is because the value was in type IPACertificate, yet somehow it slipped through
if isinstance(value, crypto_x509.Certificate):
return base64.b64encode(
value.public_bytes(x509_Encoding.DER)).decode('ascii')
What is the impact of this issue to you?
Client/Web Application get failed Internal Error 500,
Please provide the package NVR for which the bug is seen:
ipa-4.12.2-1.el9_5.4
I can also reproduce this with RHEL10:
ipa-4.12.2-24.el10_1.1.x86_64
How reproducible is this bug?:
Always when changing locale
Steps to reproduce
On ipa server
- kinit admin
- LANG=C.UTF-8 ipa -vv -e rpc_protocol=xmlrpc host-show $(hostname)
Change the LANG= to any utf8 locate if failed to reproduce
Expected results
ipa host-show succeed.
Actual results
ipa: ERROR: cannot connect to 'https://host0.example.com/ipa/session/xml': Internal Server Error
Additional Info
This issue only occurs in xmlrpc, jsonrpc works fine.
So one of a work around is using jsonrpc instead.
Should you need to use xmlrpc, the follow patch apply for RHEL 10
diff -up /usr/lib/python3.12/site-packages/ipalib/rpc.py.orig /usr/lib/python3.12/site-packages/ipalib/rpc.py --- /usr/lib/python3.12/site-packages/ipalib/rpc.py.orig 2026-01-23 14:11:26.020712446 +1000 +++ /usr/lib/python3.12/site-packages/ipalib/rpc.py 2026-01-23 16:33:55.194090310 +1000 @@ -56,7 +56,7 @@ from ipalib.errors import (errors_by_cod XMLRPCMarshallError, JSONError) from ipalib import errors, capabilities from ipalib.request import context, Connection -from ipalib.x509 import Encoding as x509_Encoding +from ipalib.x509 import Encoding as x509_Encoding, IPACertificate from ipapython import ipautil from ipapython import session_storage from ipapython.cookie import Cookie @@ -224,6 +224,11 @@ def xml_wrap(value, version): return base64.b64encode( value.public_bytes(x509_Encoding.DER)).decode('ascii') + if isinstance(value, IPACertificate): + logger.warning("xml_wrap: isinstance(value, crypto_x509.Certificate) failed)") + return base64.b64encode( + value.public_bytes(x509_Encoding.DER)).decode('ascii') + if isinstance(value, crypto_x509.CertificateSigningRequest): return base64.b64encode( value.public_bytes(x509_Encoding.DER)).decode('ascii')
