[Libguestfs] [PATCH v5 4/4] v2v: Add -o rhv-upload output mode.
Ondra Machacek
omachace at redhat.com
Fri Mar 9 10:18:29 UTC 2018
On 03/09/2018 11:14 AM, Richard W.M. Jones wrote:
> On Fri, Mar 09, 2018 at 11:05:09AM +0100, Ondra Machacek wrote:
>> On 03/08/2018 12:57 PM, Nir Soffer wrote:
>>> On Thu, Mar 8, 2018 at 11:37 AM Richard W.M. Jones
>>> +# Connect to the server.
>>> +connection = sdk.Connection(
>>> + url = params['output_conn'],
>>> + username = username,
>>> + password = output_password,
>>> + ca_file = params['rhv_cafile'],
>>> + log = logging.getLogger(),
>>> + insecure = True, # XXX?
>>>
>>>
>>> ovirt-imageio authentication is based on the assumption that the
>>> secret random url is passed from engine to the user via https.
>>> if this access engine using clear text then yes it is bad :-)
>>>
>>> Ondra, can you explain the semantics of incsecure=True?
>>
>> I can see you are using 'ca_file' attribute. So you should use
>> insecure=True, only when user don't pass ca_file. If you pass
>> insecure=True we don't validate certificate, but https still can be
>> used. Preferred is of course using ca_file to validate certificates.
>
> To be clear, do you mean that insecure = True means we don't validate
> the server's identity? IOW it would be like using
> CURLOPT_SSL_VERIFYPEER=0 in libcurl?
That's exactly what it does:
https://github.com/oVirt/ovirt-engine-sdk/blob/master/sdk/lib/ovirtsdk4/__init__.py#L395
>
> Rich.
>
More information about the Libguestfs
mailing list