On Fri, Mar 09, 2018 at 11:05:09AM +0100, Ondra Machacek wrote:
> On 03/08/2018 12:57 PM, Nir Soffer wrote:
> >On Thu, Mar 8, 2018 at 11:37 AM Richard W.M. Jones
> > +# Connect to the server.
> > +connection = sdk.Connection(
> > + url = params['output_conn'],
> > + username = username,
> > + password = output_password,
> > + ca_file = params['rhv_cafile'],
> > + log = logging.getLogger(),
> > + insecure = True, # XXX?
> >
> >
> >ovirt-imageio authentication is based on the assumption that the
> >secret random url is passed from engine to the user via https.
> >if this access engine using clear text then yes it is bad :-)
> >
> >Ondra, can you explain the semantics of insecure=True?
>
> I can see you are using 'ca_file' attribute. So you should use
> insecure=True, only when user doesn't pass ca_file. If you pass
> insecure=True we don't validate certificate, but https still can be
> used. Preferred is of course using ca_file to validate certificates.
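
Review bot: `insecure = True, # XXX?` at the end of the `sdk.Connection(...)` call is set unconditionally even though `ca_file = params['rhv_cafile']` is passed in the same call, so per the reply above the engine certificate is not validated and the CA file gives no protection. Since the username and `output_password` travel over this connection, suggest setting `insecure` only when no `rhv_cafile` was supplied, and resolving the `XXX?` marker with a comment that states when certificate validation is skipped.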

To be clear, do you mean that insecure = True means we don't validate
the server's identity? IOW it would be like using
CURLOPT_SSL_VERIFYPEER=0 in libcurl?

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top