[Libguestfs] [PATCH v5 4/4] v2v: Add -o rhv-upload output mode.
Richard W.M. Jones
rjones at redhat.com
Fri Mar 9 10:14:56 UTC 2018
On Fri, Mar 09, 2018 at 11:05:09AM +0100, Ondra Machacek wrote:
> On 03/08/2018 12:57 PM, Nir Soffer wrote:
> >On Thu, Mar 8, 2018 at 11:37 AM Richard W.M. Jones
> > +# Connect to the server.
> > +connection = sdk.Connection(
> > + url = params['output_conn'],
> > + username = username,
> > + password = output_password,
> > + ca_file = params['rhv_cafile'],
> > + log = logging.getLogger(),
> > + insecure = True, # XXX?
> >
> >
> >ovirt-imageio authentication is based on the assumption that the
> >secret random url is passed from engine to the user via https.
> >if this access engine using clear text then yes it is bad :-)
> >
> >Ondra, can you explain the semantics of incsecure=True?
>
> I can see you are using 'ca_file' attribute. So you should use
> insecure=True, only when user don't pass ca_file. If you pass
> insecure=True we don't validate certificate, but https still can be
> used. Preferred is of course using ca_file to validate certificates.
To be clear, do you mean that insecure = True means we don't validate
the server's identity? IOW it would be like using
CURLOPT_SSL_VERIFYPEER=0 in libcurl?
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top
More information about the Libguestfs
mailing list