Alon Bar-Lev has posted comments on this change.

Change subject: sdk: Add constructor parameter validate_cert_chain=True #915225
......................................................................


Patch Set 1: (1 inline comment)

If I understand correctly the validate_cert_chain=False turns off certificate 
chain validation, so OK.

However, usually crypto libs are searching for default certificate authorities 
if None/NULL is passed... while we are to ignore.

I would have expected something like:

 c.SSLConnect()
 if validate_cert_chain:
  c.VerifyPeer()

But if setting ca_file to None does the job then great.

Thanks.

....................................................
File src/ovirtsdk/web/connection.py
Line 108: 
Line 109:         u = self.__parse_url(url)
Line 110: 
Line 111:         if(u.scheme == 'https'):
Line 112:             if (not insecure and not ca_file) and validate_cert_chain:
if validate_cert_chain:
    if not insecure and not ca_file:
        raise ...
else:
    ca_file = None

Not that I even now understand what insecure is, but as far as I understand, 
provided insecure is False and never to be touched again, it is OK.
Line 113:                 raise NoCertificatesError
Line 114:             elif not validate_cert_chain:
Line 115:                 ca_file = None
Line 116: 
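
Review bot: On lines 114-115, the `elif not validate_cert_chain:` branch replaces a caller-supplied ca_file with None silently, so a caller who passes both a CA file and validate_cert_chain=False gets no indication that the CA file is ignored. Nesting the missing-CA check under `if validate_cert_chain:` with an explicit `else: ca_file = None`, as the inline comment suggests, makes the two cases easier to read than the combined condition on line 112. The visible lines also do not say how `insecure` and `validate_cert_chain` interact, so the constructor documentation should state which flag takes precedence, and it is worth confirming that the SSL layer does not fall back to a default CA store when it receives ca_file=None.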


--
To view, visit http://gerrit.ovirt.org/12474

Gerrit-MessageType: comment
Gerrit-Change-Id: I61707c4b0380665bc42b34387efdc622cfc4201e
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine-sdk
Gerrit-Branch: master
Gerrit-Owner: Michael Pasternak <[email protected]>
Gerrit-Reviewer: Alon Bar-Lev <[email protected]>
Gerrit-Reviewer: Ravi Nori <[email protected]>