Change in vdsm[master]: host-deploy: getChainFromSSL: acquire chain from session and...

2014-01-30 Thread danken
Dan Kenigsberg has posted comments on this change.

Change subject: host-deploy: getChainFromSSL: acquire chain from session and 
not negotiation
..


Patch Set 2:

(2 comments)

http://gerrit.ovirt.org/#/c/23773/2//COMMIT_MSG
Commit Message:

Line 5: CommitDate: 2014-01-28 15:47:20 +0200
Line 6: 
Line 7: host-deploy: getChainFromSSL: acquire chain from session and not 
negotiation
Line 8: 
Line 9: although the negotiation seems to be the right place to acquire the
Is there any reference (bug, mailing list) where these cases are discussed?
Line 10: chain, in some cases it was missing the root certificate authority,
Line 11: while the chain out of the session is a complete one.
Line 12: 
Line 13: Change-Id: I397f1341984f78e8fc0a07e9256eeac362b0fcaf


http://gerrit.ovirt.org/#/c/23773/2/vdsm_reg/deployUtil.py.in
File vdsm_reg/deployUtil.py.in:

Line 1653: def check_ignore(*args, **kw):
Line 1654: return True
Line 1655: 
Line 1656: ctx = SSL.Context()
Line 1657: ctx.set_verify(mode=SSL.verify_none, depth=0)
I assume depth=0 means no limitation? It's not really related to the patch, 
but I do not really mind including it.
Line 1658: with contextlib.closing(SSL.Connection(ctx)) as sock:
Line 1659: # we would like to ignore any issue with certificates
Line 1660: sock.set_post_connection_check_callback(check_ignore)
Line 1661: sock.connect(host)


-- 
To view, visit http://gerrit.ovirt.org/23773
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I397f1341984f78e8fc0a07e9256eeac362b0fcaf
Gerrit-PatchSet: 2
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev alo...@redhat.com
Gerrit-Reviewer: Alon Bar-Lev alo...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Douglas Schilling Landgraf dougsl...@redhat.com
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches


Change in vdsm[master]: host-deploy: getChainFromSSL: acquire chain from session and...

2014-01-30 Thread Alon Bar-Lev
Alon Bar-Lev has posted comments on this change.



Patch Set 2:

(2 comments)

http://gerrit.ovirt.org/#/c/23773/2//COMMIT_MSG
Commit Message:

Line 5: CommitDate: 2014-01-28 15:47:20 +0200
Line 6: 
Line 7: host-deploy: getChainFromSSL: acquire chain from session and not 
negotiation
Line 8: 
Line 9: although the negotiation seems to be the right place to acquire the
> Is there any reference (bug, mailing list) where these cases are discussed?
https://bugzilla.redhat.com/show_bug.cgi?id=1058016
Line 10: chain, in some cases it was missing the root certificate authority,
Line 11: while the chain out of the session is a complete one.
Line 12: 
Line 13: Change-Id: I397f1341984f78e8fc0a07e9256eeac362b0fcaf


http://gerrit.ovirt.org/#/c/23773/2/vdsm_reg/deployUtil.py.in
File vdsm_reg/deployUtil.py.in:

Line 1653: def check_ignore(*args, **kw):
Line 1654: return True
Line 1655: 
Line 1656: ctx = SSL.Context()
Line 1657: ctx.set_verify(mode=SSL.verify_none, depth=0)
> I assume depth=0 means no limitation? It's not really related to the patc
it is verify_none... but depth is mandatory.
Line 1658: with contextlib.closing(SSL.Connection(ctx)) as sock:
Line 1659: # we would like to ignore any issue with certificates
Line 1660: sock.set_post_connection_check_callback(check_ignore)
Line 1661: sock.connect(host)




Change in vdsm[master]: host-deploy: getChainFromSSL: acquire chain from session and...

2014-01-30 Thread danken
Dan Kenigsberg has posted comments on this change.



Patch Set 3: Code-Review+2

This ack-copying is a treat!



Change in vdsm[master]: host-deploy: getChainFromSSL: acquire chain from session and...

2014-01-30 Thread danken
Dan Kenigsberg has submitted this change and it was merged.



host-deploy: getChainFromSSL: acquire chain from session and not negotiation

Although the negotiation seems to be the right place to acquire the
chain, in some cases (such as the one reported in
https://bugzilla.redhat.com/show_bug.cgi?id=1058016 ), it was missing
the root certificate authority, while the chain out of the session is a
complete one.

Change-Id: I397f1341984f78e8fc0a07e9256eeac362b0fcaf
Signed-off-by: Alon Bar-Lev alo...@redhat.com
Reviewed-on: http://gerrit.ovirt.org/23773
Reviewed-by: Douglas Schilling Landgraf dougsl...@redhat.com
Reviewed-by: Dan Kenigsberg dan...@redhat.com
---
M vdsm_reg/deployUtil.py.in
1 file changed, 9 insertions(+), 28 deletions(-)

Approvals:
  Alon Bar-Lev: Verified
  Douglas Schilling Landgraf: Looks good to me, but someone else must approve
  Dan Kenigsberg: Looks good to me, approved




Gerrit-MessageType: merged
Gerrit-Change-Id: I397f1341984f78e8fc0a07e9256eeac362b0fcaf
Gerrit-PatchSet: 4
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev alo...@redhat.com
Gerrit-Reviewer: Alon Bar-Lev alo...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Douglas Schilling Landgraf dougsl...@redhat.com
Gerrit-Reviewer: oVirt Jenkins CI Server


Change in vdsm[master]: host-deploy: getChainFromSSL: acquire chain from session and...

2014-01-30 Thread oVirt Jenkins CI Server
oVirt Jenkins CI Server has posted comments on this change.



Patch Set 3:

Build Successful 

http://jenkins.ovirt.org/job/vdsm_unit_tests_gerrit_el/6135/ : SUCCESS

http://jenkins.ovirt.org/job/vdsm_unit_tests_gerrit/7028/ : SUCCESS

http://jenkins.ovirt.org/job/vdsm_pep8_gerrit/6922/ : SUCCESS



Change in vdsm[master]: host-deploy: getChainFromSSL: acquire chain from session and...

2014-01-28 Thread dougsland
Douglas Schilling Landgraf has posted comments on this change.



Patch Set 1:

(2 comments)

http://gerrit.ovirt.org/#/c/23773/1/vdsm_reg/deployUtil.py.in
File vdsm_reg/deployUtil.py.in:

Line 1653: def check_ignore(*args, **kw):
Line 1654: return True
Line 1655: 
Line 1656: ctx = SSL.Context()
Line 1657: ctx.set_verify(SSL.verify_none, 10)
I would keep: depth=10,
Line 1658: with contextlib.closing(SSL.Connection(ctx)) as sock:
Line 1659: # we would like to ignore any issue with certificates
Line 1660: sock.set_post_connection_check_callback(check_ignore)
Line 1661: sock.connect(host)


Line 1659: # we would like to ignore any issue with certificates
Line 1660: sock.set_post_connection_check_callback(check_ignore)
Line 1661: sock.connect(host)
Line 1662: # if we do not shutdown some sites hungs on close
Line 1663: sock.shutdown(3)
why 3? can we replace 3 with any constant like socket.SHUT_RDWR?
Line 1664: return [c.as_pem() for c in sock.get_peer_cert_chain()]
Line 1665: 
Line 1666: 
Line 1667: def getRhevmCert(IP, port):




Change in vdsm[master]: host-deploy: getChainFromSSL: acquire chain from session and...

2014-01-28 Thread Alon Bar-Lev
Alon Bar-Lev has posted comments on this change.



Patch Set 1:

(2 comments)

thanks!

http://gerrit.ovirt.org/#/c/23773/1/vdsm_reg/deployUtil.py.in
File vdsm_reg/deployUtil.py.in:

Line 1653: def check_ignore(*args, **kw):
Line 1654: return True
Line 1655: 
Line 1656: ctx = SSL.Context()
Line 1657: ctx.set_verify(SSL.verify_none, 10)
> I would keep: depth=10,
hmmm should have been removed.
Line 1658: with contextlib.closing(SSL.Connection(ctx)) as sock:
Line 1659: # we would like to ignore any issue with certificates
Line 1660: sock.set_post_connection_check_callback(check_ignore)
Line 1661: sock.connect(host)


Line 1659: # we would like to ignore any issue with certificates
Line 1660: sock.set_post_connection_check_callback(check_ignore)
Line 1661: sock.connect(host)
Line 1662: # if we do not shutdown some sites hungs on close
Line 1663: sock.shutdown(3)
> why 3? can we replace 3 with any constant like socket.SHUT_RDWR?
it is not a regular socket, it is SSLConnection... looked for constants...
but ok.
Line 1664: return [c.as_pem() for c in sock.get_peer_cert_chain()]
Line 1665: 
Line 1666: 
Line 1667: def getRhevmCert(IP, port):




Change in vdsm[master]: host-deploy: getChainFromSSL: acquire chain from session and...

2014-01-28 Thread oVirt Jenkins CI Server
oVirt Jenkins CI Server has posted comments on this change.



Patch Set 2:

Build Successful 

http://jenkins.ovirt.org/job/vdsm_unit_tests_gerrit_el/6101/ : SUCCESS

http://jenkins.ovirt.org/job/vdsm_unit_tests_gerrit/6994/ : SUCCESS

http://jenkins.ovirt.org/job/vdsm_pep8_gerrit/6888/ : SUCCESS



Change in vdsm[master]: host-deploy: getChainFromSSL: acquire chain from session and...

2014-01-28 Thread dougsland
Douglas Schilling Landgraf has posted comments on this change.



Patch Set 2:

(1 comment)

http://gerrit.ovirt.org/#/c/23773/2/vdsm_reg/deployUtil.py.in
File vdsm_reg/deployUtil.py.in:

Line 1659: # we would like to ignore any issue with certificates
Line 1660: sock.set_post_connection_check_callback(check_ignore)
Line 1661: sock.connect(host)
Line 1662: # if we do not shutdown some sites hungs on close
Line 1663: sock.shutdown(socket.SHUT_RDWR)
Please note that I shared socket.SHUT_RDWR as an example. The value of this
constant is 2, not 3 as in the previous code (that's why I asked why 3).
SHUT_RDWR closes the socket in both directions, though.
Line 1664: return [c.as_pem() for c in sock.get_peer_cert_chain()]
Line 1665: 
Line 1666: 
Line 1667: def getRhevmCert(IP, port):




Change in vdsm[master]: host-deploy: getChainFromSSL: acquire chain from session and...

2014-01-28 Thread Alon Bar-Lev
Alon Bar-Lev has posted comments on this change.



Patch Set 2:

(1 comment)

http://gerrit.ovirt.org/#/c/23773/2/vdsm_reg/deployUtil.py.in
File vdsm_reg/deployUtil.py.in:

Line 1659: # we would like to ignore any issue with certificates
Line 1660: sock.set_post_connection_check_callback(check_ignore)
Line 1661: sock.connect(host)
Line 1662: # if we do not shutdown some sites hungs on close
Line 1663: sock.shutdown(socket.SHUT_RDWR)
> please note that I shared socket.SHUT_RDWR as example. The value is 2 for t
I checked this value as well and it is working.
Line 1664: return [c.as_pem() for c in sock.get_peer_cert_chain()]
Line 1665: 
Line 1666: 
Line 1667: def getRhevmCert(IP, port):




Change in vdsm[master]: host-deploy: getChainFromSSL: acquire chain from session and...

2014-01-28 Thread dougsland
Douglas Schilling Landgraf has posted comments on this change.



Patch Set 2: Code-Review+1

(1 comment)

http://gerrit.ovirt.org/#/c/23773/2/vdsm_reg/deployUtil.py.in
File vdsm_reg/deployUtil.py.in:

Line 1659: # we would like to ignore any issue with certificates
Line 1660: sock.set_post_connection_check_callback(check_ignore)
Line 1661: sock.connect(host)
Line 1662: # if we do not shutdown some sites hungs on close
Line 1663: sock.shutdown(socket.SHUT_RDWR)
> I checked this value as well and it is working.
great, thanks!
Line 1664: return [c.as_pem() for c in sock.get_peer_cert_chain()]
Line 1665: 
Line 1666: 
Line 1667: def getRhevmCert(IP, port):




Change in vdsm[master]: host-deploy: getChainFromSSL: acquire chain from session and...

2014-01-28 Thread Alon Bar-Lev
Alon Bar-Lev has posted comments on this change.



Patch Set 2: Verified+1

Verified as standalone



Change in vdsm[master]: host-deploy: getChainFromSSL: acquire chain from session and...

2014-01-27 Thread Alon Bar-Lev
Alon Bar-Lev has posted comments on this change.



Patch Set 1:

Reported at: https://bugzilla.redhat.com/show_bug.cgi?id=1058016



Change in vdsm[master]: host-deploy: getChainFromSSL: acquire chain from session and...

2014-01-27 Thread Alon Bar-Lev
Alon Bar-Lev has uploaded a new change for review.


host-deploy: getChainFromSSL: acquire chain from session and not negotiation

although the negotiation seems to be the right place to acquire the
chain, in some cases it was missing the root certificate authority,
while the chain out of the session is a complete one.

Change-Id: I397f1341984f78e8fc0a07e9256eeac362b0fcaf
Signed-off-by: Alon Bar-Lev alo...@redhat.com
---
M vdsm_reg/deployUtil.py.in
1 file changed, 9 insertions(+), 28 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/73/23773/1

diff --git a/vdsm_reg/deployUtil.py.in b/vdsm_reg/deployUtil.py.in
index ba45d64..20d5c0c 100644
--- a/vdsm_reg/deployUtil.py.in
+++ b/vdsm_reg/deployUtil.py.in
@@ -19,6 +19,7 @@
 #
 # Description: Deployment utilities.
 
+import contextlib
 import subprocess
 import logging
 import traceback
@@ -1649,38 +1650,18 @@
 # which depends on M2Crypto
 from M2Crypto import SSL
 
-# openssl verify callback does not
-# accept context, so we collect the chain
-# in semi-global dictionary
-#
-# a certificate may be revisit more than one time.
-#
-# format:
-#   depth: certificate
-chain = {}
-
-def verify(ok, store):
-chain[store.get_error_depth()] = store.get_current_cert().as_pem()
-return True
-
 def check_ignore(*args, **kw):
 return True
 
 ctx = SSL.Context()
-ctx.set_verify(
-SSL.verify_peer | SSL.verify_fail_if_no_peer_cert,
-depth=10,
-callback=verify
-)
-sock = SSL.Connection(ctx)
-# we would like to ignore any issue with certificates
-sock.set_post_connection_check_callback(check_ignore)
-sock.connect(host)
-sock.close()
-
-# return sorted by depth
-# first is end certificate
-return [chain[depth] for depth in sorted(chain.keys())]
+ctx.set_verify(SSL.verify_none, 10)
+with contextlib.closing(SSL.Connection(ctx)) as sock:
+# we would like to ignore any issue with certificates
+sock.set_post_connection_check_callback(check_ignore)
+sock.connect(host)
+# if we do not shutdown some sites hungs on close
+sock.shutdown(3)
+return [c.as_pem() for c in sock.get_peer_cert_chain()]
 
 
 def getRhevmCert(IP, port):
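
Review bot: The new return line, [c.as_pem() for c in sock.get_peer_cert_chain()],
iterates the result with no check; M2Crypto returns None from
get_peer_cert_chain() when the peer presented no chain, so this would surface
as a TypeError rather than a meaningful deployment error. Guard the value and
raise something the caller can report. Two smaller points in the same block:
the literal in sock.shutdown(3) is unexplained (the comment says why a shutdown
is needed, not what 3 means), so use a named constant or state which
directions it covers; and with SSL.verify_none the depth argument of 10 has no
effect. Since verification is off and check_ignore accepts everything, the
returned PEMs are unauthenticated, and a comment saying that callers must
validate the chain before trusting it would make that explicit.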




Change in vdsm[master]: host-deploy: getChainFromSSL: acquire chain from session and...

2014-01-27 Thread Alon Bar-Lev
Alon Bar-Lev has posted comments on this change.



Patch Set 1: Code-Review+1

verified as standalone



Change in vdsm[master]: host-deploy: getChainFromSSL: acquire chain from session and...

2014-01-27 Thread oVirt Jenkins CI Server
oVirt Jenkins CI Server has posted comments on this change.



Patch Set 1:

Build Successful 

http://jenkins.ovirt.org/job/vdsm_unit_tests_gerrit_el/6091/ : SUCCESS

http://jenkins.ovirt.org/job/vdsm_pep8_gerrit/6878/ : SUCCESS

http://jenkins.ovirt.org/job/vdsm_unit_tests_gerrit/6984/ : SUCCESS
