On 03/09/2018 11:14 AM, Richard W.M. Jones wrote:
On Fri, Mar 09, 2018 at 11:05:09AM +0100, Ondra Machacek wrote:
> On 03/08/2018 12:57 PM, Nir Soffer wrote:
>> On Thu, Mar 8, 2018 at 11:37 AM Richard W.M. Jones
>> +# Connect to the server.
>> +connection = sdk.Connection(
>> + url = params['output_conn'],
>> + username = username,
>> + password = output_password,
>> + ca_file = params['rhv_cafile'],
>> + log = logging.getLogger(),
>> + insecure = True, # XXX?
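Review bot: the last line of this hunk hard-codes insecure = True while ca_file = params['rhv_cafile'] is passed two lines above it, so the server certificate is not validated even when a CA file is supplied, and the "# XXX?" marker leaves the question open in the code. Suggest insecure = False whenever params['rhv_cafile'] is set, and enabling it only when the user gave no CA file, with a comment stating that choice in place of the XXX.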
>>
>>
>> ovirt-imageio authentication is based on the assumption that the
>> secret random url is passed from engine to the user via https.
>> If this accesses the engine using clear text then yes, it is bad :-)
>>
>> Ondra, can you explain the semantics of insecure=True?
>
> I can see you are using the 'ca_file' attribute. So you should use
> insecure=True only when the user doesn't pass ca_file. If you pass
> insecure=True we don't validate the certificate, but https can still be
> used. Preferred is of course using ca_file to validate certificates.

To be clear, do you mean that insecure = True means we don't validate
the server's identity? IOW it would be like using
CURLOPT_SSL_VERIFYPEER=0 in libcurl?

That's exactly what it does:
https://github.com/oVirt/ovirt-engine-sdk/blob/master/sdk/lib/ovirtsdk4/_...

Rich.