<div dir="ltr"><br><br><div class="gmail_quote"><div dir="ltr">On Thu, Sep 20, 2018 at 11:51 AM Richard W.M. Jones <<a href="mailto:rjones@redhat.com">rjones@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">For real imageio servers the destination will always be https. This<br>
change has no effect there.<br>
<br>
However when testing we want to use an http server for simplicity. As<br>
there is no certificate or cafile in this case the call to create the<br>
context will fail.<br>
<br>
This also simplifies creation of the context object and recognizes the<br>
"insecure" flag for connecting to imageio.<br>
<br>
Thanks: Nir Soffer.<br>
---<br>
v2v/rhv-upload-plugin.py | 27 +++++++++++++++++++--------<br>
1 file changed, 19 insertions(+), 8 deletions(-)<br>
<br>
diff --git a/v2v/rhv-upload-plugin.py b/v2v/rhv-upload-plugin.py<br>
index 5cd6d5cab..1a217b6dc 100644<br>
--- a/v2v/rhv-upload-plugin.py<br>
+++ b/v2v/rhv-upload-plugin.py<br>
@@ -207,14 +207,25 @@ def open(readonly):<br>
else:<br>
destination_url = urlparse(transfer.proxy_url)<br>
<br>
- context = ssl.create_default_context()<br>
- context.load_verify_locations(cafile = params['rhv_cafile'])<br>
-<br>
- http = HTTPSConnection(<br>
- destination_url.hostname,<br>
- destination_url.port,<br>
- context = context<br>
- )<br>
+ if destination_url.scheme == "https":<br>
+ context = \<br>
+ ssl.create_default_context(purpose = ssl.Purpose.SERVER_AUTH,<br>
+ cafile = cafile)<br>
+ if params['insecure']:<br>
+ context.check_hostname = False<br>
+ context.verify_mode = ssl.CERT_NONE<br>
+ http = HTTPSConnection(<br>
+ destination_url.hostname,<br>
+ destination_url.port,<br>
+ context = context<br>
+ )<br>
+ elif destination_url.scheme == "http":<br>
+ http = HTTPConnection(<br>
+ destination_url.hostname,<br>
+ destination_url.port,<br>
+ )<br>
+ else:<br>
+ raise RuntimeError("unknown URL scheme (%s)" % destination_url.scheme)<br></blockquote><div><br></div><div>I would not change production code to support http. Instead the test server</div><div>should use HTTPS.</div><div><br></div><div>This way we may have working tests when the real code path fail during runtime.</div><div><br></div><div>Nir</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
# The first request is to fetch the features of the server.<br>
<br>
-- <br>
2.19.0.rc0<br>
<br>
_______________________________________________<br>
Libguestfs mailing list<br>
<a href="mailto:Libguestfs@redhat.com" target="_blank">Libguestfs@redhat.com</a><br>
<a href="https://www.redhat.com/mailman/listinfo/libguestfs" rel="noreferrer" target="_blank">https://www.redhat.com/mailman/listinfo/libguestfs</a><br>
</blockquote></div></div>