Simone Tiraboschi has submitted this change and it was merged.
Change subject: pki: avoid trusting system defined CA certs
......................................................................
pki: avoid trusting system defined CA certs

ssl.create_default_context() loads by default also the system
defined CA certs and so hosted-engine-setup can securely download
the internal CA cert and the public SSH key from the engine also
if the user replaced the internally signed apache cert with one
signed by a system trusted CA.

On the other side, python SDK will ignore them and so, to behave
consistently, it's better to ignore also here till we get the
capability to trust system trusted CA certs also in python SDK.

Change-Id: I33601d66f88c9cae999341c40c460be202efa4a3
Bug-Url: https://bugzilla.redhat.com/1321381
Signed-off-by: Simone Tiraboschi <stirabos(a)redhat.com>
---
M src/ovirt_hosted_engine_setup/ohttpshandler.py
1 file changed, 8 insertions(+), 3 deletions(-)
Approvals:
Sandro Bonazzola: Looks good to me, approved
Simone Tiraboschi: Verified
Juan Hernandez: Looks good to me, but someone else must approve
Jenkins CI: Passed CI tests
--
To view, visit https://gerrit.ovirt.org/56051
Gerrit-MessageType: merged
Gerrit-Change-Id: I33601d66f88c9cae999341c40c460be202efa4a3
Gerrit-PatchSet: 2
Gerrit-Project: ovirt-hosted-engine-setup
Gerrit-Branch: master
Gerrit-Owner: Simone Tiraboschi <stirabos(a)redhat.com>
Gerrit-Reviewer: Francesco Romani <fromani(a)redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Juan Hernandez <juan.hernandez(a)redhat.com>
Gerrit-Reviewer: Sandro Bonazzola <sbonazzo(a)redhat.com>
Gerrit-Reviewer: Simone Tiraboschi <stirabos(a)redhat.com>
Gerrit-Reviewer: Yedidyah Bar David <didi(a)redhat.com>
Gerrit-Reviewer: gerrit-hooks <automation(a)ovirt.org>
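
The trust-store difference the commit message describes, as an added example that is not taken from the change itself or from ovirt-hosted-engine-setup. `build_context` and `trust_policy` are hypothetical helper names, and `cafile` stands for whatever PEM file holds the CA to be trusted.

```python
import ssl


def build_context(cafile=None, trust_system=False):
    """Return a verifying TLS client context with an explicit trust policy.

    cafile       -- PEM file with the only CA(s) to trust (hypothetical path)
    trust_system -- also load the OS trust store, which is what
                    ssl.create_default_context() does when called bare
    """
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and hostname checking
    # and starts with an empty trust store, so nothing is trusted until
    # a CA is loaded below.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if trust_system:
        ctx.load_default_certs(ssl.Purpose.SERVER_AUTH)
    if cafile is not None:
        ctx.load_verify_locations(cafile=cafile)
    return ctx


def trust_policy(ctx):
    """Summarise what a context will accept, for logging or a unit test."""
    return {
        "verifies_peer": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
        # Counts CAs loaded eagerly. A capath directory is read lazily
        # during handshakes, so a system-trusting context can still
        # report 0 here on some distributions.
        "loaded_cas": ctx.cert_store_stats()["x509_ca"],
    }


if __name__ == "__main__":
    print("explicit only :", trust_policy(build_context()))
    print("system trusted:", trust_policy(build_context(trust_system=True)))
```

Passing `cafile`, `capath` or `cadata` to `ssl.create_default_context()` also skips the system store, because that function loads the default certificates only when all three are left unset.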