Change in ovirt-engine-sdk[sdk_3.4]: sdk: Check SSL server name
juan.hernandez at redhat.com
juan.hernandez at redhat.com
Wed Apr 16 08:18:02 UTC 2014
Juan Hernandez has submitted this change and it was merged.
Change subject: sdk: Check SSL server name
......................................................................
sdk: Check SSL server name
Currently we don't check that the host name provided in the URL matches
the host name contained in the server certificate. This is a common
feature of most SSL clients, but it isn't well supported by the SSL
implementation in Python 2.6. To improve security this patch explicitly
checks the host name given in the URL against the subject common name
attribute and the subject alternative names extension. This check will
be enabled by default and disabled when using "insecure=True" in the
constructor of the entry point object.
Change-Id: I3fd771f1fd40e532cf1ca5649c3576e23be5a6dc
Signed-off-by: Juan Hernandez <juan.hernandez at redhat.com>
(cherry picked from commit 1acc07e8baa14f48fcb88c1b57f382268cc6dc31)
---
M src/ovirtsdk/web/connection.py
M src/ovirtsdk/web/httpsconnection.py
2 files changed, 107 insertions(+), 2 deletions(-)
Approvals:
Juan Hernandez: Verified; Looks good to me, approved
--
To view, visit http://gerrit.ovirt.org/26815
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I3fd771f1fd40e532cf1ca5649c3576e23be5a6dc
Gerrit-PatchSet: 2
Gerrit-Project: ovirt-engine-sdk
Gerrit-Branch: sdk_3.4
Gerrit-Owner: Juan Hernandez <juan.hernandez at redhat.com>
Gerrit-Reviewer: Juan Hernandez <juan.hernandez at redhat.com>
Gerrit-Reviewer: automation at ovirt.org
More information about the Engine-commits
mailing list