On Wed, Sep 19, 2018 at 7:24 PM Richard W.M. Jones <rjones@redhat.com> wrote:
For real imageio servers the destination will always be https.  This
change has no effect there.

However when testing we want to use an http server for simplicity.  As
there is no cafile in this case the call to
ssl.create_default_context().load_verify_locations(cafile=...) will fail.
---
 v2v/rhv-upload-plugin.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/v2v/rhv-upload-plugin.py b/v2v/rhv-upload-plugin.py
index 5cd6d5cab..6e35b5057 100644
--- a/v2v/rhv-upload-plugin.py
+++ b/v2v/rhv-upload-plugin.py
@@ -207,8 +207,11 @@ def open(readonly):
     else:
         destination_url = urlparse(transfer.proxy_url)

-    context = ssl.create_default_context()
-    context.load_verify_locations(cafile = params['rhv_cafile'])

This line was never needed. In imageio client we use:

    context = ssl.create_default_context(
        purpose=ssl.Purpose.SERVER_AUTH, cafile=cafile)

    if not secure:
        context.check_hostname = False
        context.verify_mode = ssl.CERT_NONE

See https://github.com/oVirt/ovirt-imageio/blob/356d224f1124deb3d63125b1f3b3e583839bcbd9/common/ovirt_imageio_common/client.py#L52

So we can replace this with

    context = ssl.create_default_context(cafile = params.get('rhv_cafile'))
 
+    if destination_url.scheme == "https":
+        context = ssl.create_default_context()
+        context.load_verify_locations(cafile = params['rhv_cafile'])
+    else:
+        context = None

This will create a default context inside HTTPSConnection.__init__, which will try to 
verify the server certificate and hostname and may fail if the certificates are not set
up properly in the tests.

Nir
 

     http = HTTPSConnection(
         destination_url.hostname,
--
2.19.0.rc0

_______________________________________________
Libguestfs mailing list
Libguestfs@redhat.com
https://www.redhat.com/mailman/listinfo/libguestfs