Change in ovirt-hosted-engine-setup[master]: pki: avoid trusting system defined CA certs

stirabos at redhat.com stirabos at redhat.com
Fri Apr 29 15:14:09 UTC 2016


Simone Tiraboschi has submitted this change and it was merged.

Change subject: pki: avoid trusting system defined CA certs
......................................................................


pki: avoid trusting system defined CA certs

ssl.create_default_context() loads by default also the system
defined CA certs and so hosted-engine-setup can securely download
the internal CA cert and the public SSH key from the engine also
if the user replaced the internally signed apache cert with one
signed by a system trusted CA.
On the other side, python SDK will ignore them and so, to behave
consistently, it's better to ignore also here till we get the
capability to trust system trusted CA certs also in python SDK.

Change-Id: I33601d66f88c9cae999341c40c460be202efa4a3
Bug-Url: https://bugzilla.redhat.com/1321381
Signed-off-by: Simone Tiraboschi <stirabos at redhat.com>
---
M src/ovirt_hosted_engine_setup/ohttpshandler.py
1 file changed, 8 insertions(+), 3 deletions(-)

Approvals:
  Sandro Bonazzola: Looks good to me, approved
  Simone Tiraboschi: Verified
  Juan Hernandez: Looks good to me, but someone else must approve
  Jenkins CI: Passed CI tests



-- 
To view, visit https://gerrit.ovirt.org/56051
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I33601d66f88c9cae999341c40c460be202efa4a3
Gerrit-PatchSet: 2
Gerrit-Project: ovirt-hosted-engine-setup
Gerrit-Branch: master
Gerrit-Owner: Simone Tiraboschi <stirabos at redhat.com>
Gerrit-Reviewer: Francesco Romani <fromani at redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Juan Hernandez <juan.hernandez at redhat.com>
Gerrit-Reviewer: Sandro Bonazzola <sbonazzo at redhat.com>
Gerrit-Reviewer: Simone Tiraboschi <stirabos at redhat.com>
Gerrit-Reviewer: Yedidyah Bar David <didi at redhat.com>
Gerrit-Reviewer: gerrit-hooks <automation at ovirt.org>


