[Libguestfs] [PATCH 2/3] v2v: -o rhv-upload: Only set SSL context for https connections.
Nir Soffer
nsoffer at redhat.com
Wed Sep 19 17:26:19 UTC 2018
On Wed, Sep 19, 2018 at 7:24 PM Richard W.M. Jones <rjones at redhat.com>
wrote:
> For real imageio servers the destination will always be https. This
> change has no effect there.
>
> However when testing we want to use an http server for simplicity. As
> there is no cafile in this case the call to
> ssl.create_default_context().load_verify_locations(cafile=...) will fail.
> ---
> v2v/rhv-upload-plugin.py | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/v2v/rhv-upload-plugin.py b/v2v/rhv-upload-plugin.py
> index 5cd6d5cab..6e35b5057 100644
> --- a/v2v/rhv-upload-plugin.py
> +++ b/v2v/rhv-upload-plugin.py
> @@ -207,8 +207,11 @@ def open(readonly):
> else:
> destination_url = urlparse(transfer.proxy_url)
>
> - context = ssl.create_default_context()
> - context.load_verify_locations(cafile = params['rhv_cafile'])
>
This line was never needed. In imageio client we use:
context = ssl.create_default_context(
purpose=ssl.Purpose.SERVER_AUTH, cafile=cafile)
if not secure:
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE
See
https://github.com/oVirt/ovirt-imageio/blob/356d224f1124deb3d63125b1f3b3e583839bcbd9/common/ovirt_imageio_common/client.py#L52
So we can replace this with
context = ssl.create_default_context(cafile = params.get('rhv_cafile'))
> + if destination_url.scheme == "https":
> + context = ssl.create_default_context()
> + context.load_verify_locations(cafile = params['rhv_cafile'])
> + else:
> + context = None
>
This will create a default context inside HTTPSConnection.__init__, which
will try to
verify the server certificate and hostname and may fail if the certificates
are not set
up properly in the tests.
Nir
>
> http = HTTPSConnection(
> destination_url.hostname,
> --
> 2.19.0.rc0
>
> _______________________________________________
> Libguestfs mailing list
> Libguestfs at redhat.com
> https://www.redhat.com/mailman/listinfo/libguestfs
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libguestfs/attachments/20180919/f22a12c8/attachment.htm>
More information about the Libguestfs
mailing list