On Wed, Sep 19, 2018 at 7:24 PM Richard W.M. Jones <rjones@redhat.com> wrote:

For real imageio servers the destination will always be https. This
change has no effect there.

However when testing we want to use an http server for simplicity. As
there is no cafile in this case the call to
ssl.create_default_context().load_verify_locations(cafile=...) will fail.
---
v2v/rhv-upload-plugin.py | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/v2v/rhv-upload-plugin.py b/v2v/rhv-upload-plugin.py
index 5cd6d5cab..6e35b5057 100644
--- a/v2v/rhv-upload-plugin.py
+++ b/v2v/rhv-upload-plugin.py
@@ -207,8 +207,11 @@ def open(readonly):
else:
destination_url = urlparse(transfer.proxy_url)

- context = ssl.create_default_context()
- context.load_verify_locations(cafile = params['rhv_cafile'])

This line was never needed. In imageio client we use:

context = ssl.create_default_context(

purpose=ssl.Purpose.SERVER_AUTH, cafile=cafile)

if not secure:

context.check_hostname = False

context.verify_mode = ssl.CERT_NONE

See https://github.com/oVirt/ovirt-imageio/blob/356d224f1124deb3d63125b1f3b3e583839bcbd9/common/ovirt_imageio_common/client.py#L52

So we can replace this with

context = ssl.create_default_context(cafile = params.get('rhv_cafile'))

+ if destination_url.scheme == "https":
+ context = ssl.create_default_context()
+ context.load_verify_locations(cafile = params['rhv_cafile'])
+ else:
+ context = None

This will create a default context inside HTTPSConnection.__init__, which will try to

verify the server certificate and hostname and may fail if the certificates are not set

up properly in the tests.

Nir

http = HTTPSConnection(
destination_url.hostname,
--
2.19.0.rc0

_______________________________________________
Libguestfs mailing list
Libguestfs@redhat.com
https://www.redhat.com/mailman/listinfo/libguestfs