Simone Tiraboschi has submitted this change and it was merged. Change subject: pki: avoid trusting system defined CA certs ...................................................................... pki: avoid trusting system defined CA certs ssl.create_default_context() loads by default also the system defined CA certs and so hosted-engine-setup can securely download the internal CA cert and the pubblic SSH key from the engine also if the user replaced the internally signed apache cert with one signed by a system trusted CA. On the other side, python SDK will ignore them and so, to behave consistently, it's better to ignore also here till we get the capability to trust system trusted CA certs also in python SDK. Change-Id: I33601d66f88c9cae999341c40c460be202efa4a3 Bug-Url: https://bugzilla.redhat.com/1321381 Signed-off-by: Simone Tiraboschi <stirabos@redhat.com> --- M src/ovirt_hosted_engine_setup/ohttpshandler.py 1 file changed, 8 insertions(+), 3 deletions(-) Approvals: Sandro Bonazzola: Looks good to me, approved Simone Tiraboschi: Verified Juan Hernandez: Looks good to me, but someone else must approve Jenkins CI: Passed CI tests -- To view, visit https://gerrit.ovirt.org/56051 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: I33601d66f88c9cae999341c40c460be202efa4a3 Gerrit-PatchSet: 2 Gerrit-Project: ovirt-hosted-engine-setup Gerrit-Branch: master Gerrit-Owner: Simone Tiraboschi <stirabos@redhat.com> Gerrit-Reviewer: Francesco Romani <fromani@redhat.com> Gerrit-Reviewer: Jenkins CI Gerrit-Reviewer: Juan Hernandez <juan.hernandez@redhat.com> Gerrit-Reviewer: Sandro Bonazzola <sbonazzo@redhat.com> Gerrit-Reviewer: Simone Tiraboschi <stirabos@redhat.com> Gerrit-Reviewer: Yedidyah Bar David <didi@redhat.com> Gerrit-Reviewer: gerrit-hooks <automation@ovirt.org>