Juan Hernandez has submitted this change and it was merged. Change subject: sdk: Check SSL server name ...................................................................... sdk: Check SSL server name Currently we don't check that the host name provided in the URL matches the host name contained in the server certificate. This is a common feature of most SSL clients, but it isn't well supported by the SSL implementation in Python 2.6. To improve security this patch explicitly checks the host name given in the URL against the subject common name attribute and the subject alternative names extension. This check will be enabled by default and disabled when using "insecure=True" in the constructor of the entry point object. Change-Id: I3fd771f1fd40e532cf1ca5649c3576e23be5a6dc Signed-off-by: Juan Hernandez <juan.hernandez@redhat.com> (cherry picked from commit 1acc07e8baa14f48fcb88c1b57f382268cc6dc31) --- M src/ovirtsdk/web/connection.py M src/ovirtsdk/web/httpsconnection.py 2 files changed, 107 insertions(+), 2 deletions(-) Approvals: Juan Hernandez: Verified; Looks good to me, approved -- To view, visit http://gerrit.ovirt.org/26815 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: I3fd771f1fd40e532cf1ca5649c3576e23be5a6dc Gerrit-PatchSet: 2 Gerrit-Project: ovirt-engine-sdk Gerrit-Branch: sdk_3.4 Gerrit-Owner: Juan Hernandez <juan.hernandez@redhat.com> Gerrit-Reviewer: Juan Hernandez <juan.hernandez@redhat.com> Gerrit-Reviewer: automation@ovirt.org