<div dir="ltr"><br><br><div class="gmail_quote"><div dir="ltr">On Thu, Sep 20, 2018 at 11:51 AM Richard W.M. Jones <<a href="mailto:rjones@redhat.com">rjones@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">For real imageio servers the destination will always be https.  This<br>
change has no effect there.<br>
<br>
However when testing we want to use an http server for simplicity.  As<br>
there is no certificate or cafile in this case the call to create the<br>
context will fail.<br>
<br>
This also simplifies creation of the context object and recognizes the<br>
"insecure" flag for connecting to imageio.<br>
<br>
Thanks: Nir Soffer.<br>
---<br>
 v2v/rhv-upload-plugin.py | 27 +++++++++++++++++++--------<br>
 1 file changed, 19 insertions(+), 8 deletions(-)<br>
<br>
diff --git a/v2v/rhv-upload-plugin.py b/v2v/rhv-upload-plugin.py<br>
index 5cd6d5cab..1a217b6dc 100644<br>
--- a/v2v/rhv-upload-plugin.py<br>
+++ b/v2v/rhv-upload-plugin.py<br>
@@ -207,14 +207,25 @@ def open(readonly):<br>
     else:<br>
         destination_url = urlparse(transfer.proxy_url)<br>
<br>
-    context = ssl.create_default_context()<br>
-    context.load_verify_locations(cafile = params['rhv_cafile'])<br>
-<br>
-    http = HTTPSConnection(<br>
-        destination_url.hostname,<br>
-        destination_url.port,<br>
-        context = context<br>
-    )<br>
+    if destination_url.scheme == "https":<br>
+        context = \<br>
+            ssl.create_default_context(purpose = ssl.Purpose.SERVER_AUTH,<br>
+                                       cafile = cafile)<br>
+        if params['insecure']:<br>
+            context.check_hostname = False<br>
+            context.verify_mode = ssl.CERT_NONE<br>
+        http = HTTPSConnection(<br>
+            destination_url.hostname,<br>
+            destination_url.port,<br>
+            context = context<br>
+        )<br>
+    elif destination_url.scheme == "http":<br>
+        http = HTTPConnection(<br>
+            destination_url.hostname,<br>
+            destination_url.port,<br>
+        )<br>
+    else:<br>
+        raise RuntimeError("unknown URL scheme (%s)" % destination_url.scheme)<br></blockquote><div><br></div><div>I would not change production code to support http. Instead the test server</div><div>should use HTTPS.</div><div><br></div><div>This way we may have working tests when the real code path fail during runtime.</div><div><br></div><div>Nir</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
     # The first request is to fetch the features of the server.<br>
<br>
-- <br>
2.19.0.rc0<br>
<br>
_______________________________________________<br>
Libguestfs mailing list<br>
<a href="mailto:Libguestfs@redhat.com" target="_blank">Libguestfs@redhat.com</a><br>
<a href="https://www.redhat.com/mailman/listinfo/libguestfs" rel="noreferrer" target="_blank">https://www.redhat.com/mailman/listinfo/libguestfs</a><br>
</blockquote></div></div>