Change in ovirt-hosted-engine-setup[ovirt-hosted-engine-setup-1.3]: pki: avoid trusting system defined CA certs

stirabos at redhat.com stirabos at redhat.com
Fri Apr 29 15:14:16 UTC 2016


Simone Tiraboschi has submitted this change and it was merged.

Change subject: pki: avoid trusting system defined CA certs
......................................................................


pki: avoid trusting system defined CA certs

ssl.create_default_context() loads by default also the system
defined CA certs and so hosted-engine-setup can securely download
the internal CA cert and the pubblic SSH key from the engine also
if the user replaced the internally signed apache cert with one
signed by a system trusted CA.
On the other side, python SDK will ignore them and so, to behave
consistently, it's better to ignore also here till we get the
capability to trust system trusted CA certs also in python SDK.

Change-Id: I33601d66f88c9cae999341c40c460be202efa4a3
Bug-Url: https://bugzilla.redhat.com/1321381
Signed-off-by: Simone Tiraboschi <stirabos at redhat.com>
---
M src/ovirt_hosted_engine_setup/ohttpshandler.py
1 file changed, 8 insertions(+), 3 deletions(-)

Approvals:
  Sandro Bonazzola: Looks good to me, approved
  Simone Tiraboschi: Verified
  Jenkins CI: Passed CI tests



-- 
To view, visit https://gerrit.ovirt.org/56853
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I33601d66f88c9cae999341c40c460be202efa4a3
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-hosted-engine-setup
Gerrit-Branch: ovirt-hosted-engine-setup-1.3
Gerrit-Owner: Simone Tiraboschi <stirabos at redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Sandro Bonazzola <sbonazzo at redhat.com>
Gerrit-Reviewer: Simone Tiraboschi <stirabos at redhat.com>
Gerrit-Reviewer: gerrit-hooks <automation at ovirt.org>



More information about the Engine-commits mailing list