Re: [Libguestfs] [PATCH 2/3] v2v: -o rhv-upload: Only set SSL context for https connections.
On Wed, Sep 19, 2018 at 7:24 PM Richard W.M. Jones <rjones(a)redhat.com>
wrote:
For real imageio servers the destination will always be https. This
change has no effect there.
However when testing we want to use an http server for simplicity. As
there is no cafile in this case the call to
ssl.create_default_context().load_verify_locations(cafile=...) will fail.
---
v2v/rhv-upload-plugin.py | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/v2v/rhv-upload-plugin.py b/v2v/rhv-upload-plugin.py
index 5cd6d5cab..6e35b5057 100644
--- a/v2v/rhv-upload-plugin.py
+++ b/v2v/rhv-upload-plugin.py
@@ -207,8 +207,11 @@ def open(readonly):
else:
destination_url = urlparse(transfer.proxy_url)
- context = ssl.create_default_context()
- context.load_verify_locations(cafile = params['rhv_cafile'])
This line was never needed. In imageio client we use:
context = ssl.create_default_context(
purpose=ssl.Purpose.SERVER_AUTH, cafile=cafile)
if not secure:
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE
See
https://github.com/oVirt/ovirt-imageio/blob/356d224f1124deb3d63125b1f3b3e...
So we can replace this with
context = ssl.create_default_context(cafile = params.get('rhv_cafile'))
+ if destination_url.scheme == "https":
+ context = ssl.create_default_context()
+ context.load_verify_locations(cafile = params['rhv_cafile'])
+ else:
+ context = None
This will create a default context inside HTTPSConnection.__init__, which
will try to
verify the server certificate and hostname and may fail if the certificates
are not set
up properly in the tests.
Nir
http = HTTPSConnection(
destination_url.hostname,
--
2.19.0.rc0
_______________________________________________
Libguestfs mailing list
Libguestfs(a)redhat.com
https://www.redhat.com/mailman/listinfo/libguestfs
Attachments:
- attachment.html (text/html — 3.3 KB)