Change in vdsm[master]: host-deploy: getChainFromSSL: acquire chain from session and...
Dan Kenigsberg has posted comments on this change.

Change subject: host-deploy: getChainFromSSL: acquire chain from session and not negotiation

Patch Set 2:

(2 comments)

http://gerrit.ovirt.org/#/c/23773/2//COMMIT_MSG
Commit Message:

Line 5: CommitDate: 2014-01-28 15:47:20 +0200
Line 6:
Line 7: host-deploy: getChainFromSSL: acquire chain from session and not negotiation
Line 8:
Line 9: although the negotiation seems to be the right place to acquire the
Is there any reference (bug, mailing list) where these cases are discussed?

Line 10: chain, in some cases it was missing the root certificate authority,
Line 11: while the chain out of the session is a complete one.
Line 12:
Line 13: Change-Id: I397f1341984f78e8fc0a07e9256eeac362b0fcaf

http://gerrit.ovirt.org/#/c/23773/2/vdsm_reg/deployUtil.py.in
File vdsm_reg/deployUtil.py.in:

Line 1653: def check_ignore(*args, **kw):
Line 1654: return True
Line 1655:
Line 1656: ctx = SSL.Context()
Line 1657: ctx.set_verify(mode=SSL.verify_none, depth=0)
I assume depth=0 means no limitation? It's not really related to the patch, but I do not really mind including it.

Line 1658: with contextlib.closing(SSL.Connection(ctx)) as sock:
Line 1659: # we would like to ignore any issue with certificates
Line 1660: sock.set_post_connection_check_callback(check_ignore)
Line 1661: sock.connect(host)

--
To view, visit http://gerrit.ovirt.org/23773
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I397f1341984f78e8fc0a07e9256eeac362b0fcaf
Gerrit-PatchSet: 2
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev alo...@redhat.com
Gerrit-Reviewer: Alon Bar-Lev alo...@redhat.com
Gerrit-Reviewer: Dan Kenigsberg dan...@redhat.com
Gerrit-Reviewer: Douglas Schilling Landgraf dougsl...@redhat.com
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches
Alon Bar-Lev has posted comments on this change.

Change subject: host-deploy: getChainFromSSL: acquire chain from session and not negotiation

Patch Set 2:

(2 comments)

http://gerrit.ovirt.org/#/c/23773/2//COMMIT_MSG
Commit Message:

Line 5: CommitDate: 2014-01-28 15:47:20 +0200
Line 6:
Line 7: host-deploy: getChainFromSSL: acquire chain from session and not negotiation
Line 8:
Line 9: although the negotiation seems to be the right place to acquire the
Is there any reference (bug, mailing list) where these cases are discussed?

https://bugzilla.redhat.com/show_bug.cgi?id=1058016

Line 10: chain, in some cases it was missing the root certificate authority,
Line 11: while the chain out of the session is a complete one.
Line 12:
Line 13: Change-Id: I397f1341984f78e8fc0a07e9256eeac362b0fcaf

http://gerrit.ovirt.org/#/c/23773/2/vdsm_reg/deployUtil.py.in
File vdsm_reg/deployUtil.py.in:

Line 1653: def check_ignore(*args, **kw):
Line 1654: return True
Line 1655:
Line 1656: ctx = SSL.Context()
Line 1657: ctx.set_verify(mode=SSL.verify_none, depth=0)
I assume depth=0 means no limitation? It's not really related to the patc

it is verify_none... but depth is mandatory.

Line 1658: with contextlib.closing(SSL.Connection(ctx)) as sock:
Line 1659: # we would like to ignore any issue with certificates
Line 1660: sock.set_post_connection_check_callback(check_ignore)
Line 1661: sock.connect(host)
Dan Kenigsberg has posted comments on this change.

Change subject: host-deploy: getChainFromSSL: acquire chain from session and not negotiation

Patch Set 3: Code-Review+2

This ack-copying is a treat!
Dan Kenigsberg has submitted this change and it was merged.

Change subject: host-deploy: getChainFromSSL: acquire chain from session and not negotiation

host-deploy: getChainFromSSL: acquire chain from session and not negotiation

Although the negotiation seems to be the right place to acquire the chain, in some cases (such as the one reported in https://bugzilla.redhat.com/show_bug.cgi?id=1058016 ), it was missing the root certificate authority, while the chain out of the session is a complete one.

Change-Id: I397f1341984f78e8fc0a07e9256eeac362b0fcaf
Signed-off-by: Alon Bar-Lev alo...@redhat.com
Reviewed-on: http://gerrit.ovirt.org/23773
Reviewed-by: Douglas Schilling Landgraf dougsl...@redhat.com
Reviewed-by: Dan Kenigsberg dan...@redhat.com
---
M vdsm_reg/deployUtil.py.in
1 file changed, 9 insertions(+), 28 deletions(-)

Approvals:
  Alon Bar-Lev: Verified
  Douglas Schilling Landgraf: Looks good to me, but someone else must approve
  Dan Kenigsberg: Looks good to me, approved
oVirt Jenkins CI Server has posted comments on this change.

Change subject: host-deploy: getChainFromSSL: acquire chain from session and not negotiation

Patch Set 3: Build Successful

http://jenkins.ovirt.org/job/vdsm_unit_tests_gerrit_el/6135/ : SUCCESS
http://jenkins.ovirt.org/job/vdsm_unit_tests_gerrit/7028/ : SUCCESS
http://jenkins.ovirt.org/job/vdsm_pep8_gerrit/6922/ : SUCCESS
Douglas Schilling Landgraf has posted comments on this change.

Change subject: host-deploy: getChainFromSSL: acquire chain from session and not negotiation

Patch Set 1:

(2 comments)

http://gerrit.ovirt.org/#/c/23773/1/vdsm_reg/deployUtil.py.in
File vdsm_reg/deployUtil.py.in:

Line 1653: def check_ignore(*args, **kw):
Line 1654: return True
Line 1655:
Line 1656: ctx = SSL.Context()
Line 1657: ctx.set_verify(SSL.verify_none, 10)
I would keep: depth=10,

Line 1658: with contextlib.closing(SSL.Connection(ctx)) as sock:
Line 1659: # we would like to ignore any issue with certificates
Line 1660: sock.set_post_connection_check_callback(check_ignore)
Line 1661: sock.connect(host)

Line 1659: # we would like to ignore any issue with certificates
Line 1660: sock.set_post_connection_check_callback(check_ignore)
Line 1661: sock.connect(host)
Line 1662: # if we do not shutdown some sites hungs on close
Line 1663: sock.shutdown(3)
why 3? can we replace 3 with any constant like socket.SHUT_RDWR?

Line 1664: return [c.as_pem() for c in sock.get_peer_cert_chain()]
Line 1665:
Line 1666:
Line 1667: def getRhevmCert(IP, port):
Alon Bar-Lev has posted comments on this change.

Change subject: host-deploy: getChainFromSSL: acquire chain from session and not negotiation

Patch Set 1:

(2 comments)

thanks!

http://gerrit.ovirt.org/#/c/23773/1/vdsm_reg/deployUtil.py.in
File vdsm_reg/deployUtil.py.in:

Line 1653: def check_ignore(*args, **kw):
Line 1654: return True
Line 1655:
Line 1656: ctx = SSL.Context()
Line 1657: ctx.set_verify(SSL.verify_none, 10)
I would keep: depth=10,

hmmm should have been removed.

Line 1658: with contextlib.closing(SSL.Connection(ctx)) as sock:
Line 1659: # we would like to ignore any issue with certificates
Line 1660: sock.set_post_connection_check_callback(check_ignore)
Line 1661: sock.connect(host)

Line 1659: # we would like to ignore any issue with certificates
Line 1660: sock.set_post_connection_check_callback(check_ignore)
Line 1661: sock.connect(host)
Line 1662: # if we do not shutdown some sites hungs on close
Line 1663: sock.shutdown(3)
why 3? can we replace 3 with any constant like socket.SHUT_RDWR?

it is not regular socket it is SSLConnection... looked for a constants... but ok.

Line 1664: return [c.as_pem() for c in sock.get_peer_cert_chain()]
Line 1665:
Line 1666:
Line 1667: def getRhevmCert(IP, port):
oVirt Jenkins CI Server has posted comments on this change.

Change subject: host-deploy: getChainFromSSL: acquire chain from session and not negotiation

Patch Set 2: Build Successful

http://jenkins.ovirt.org/job/vdsm_unit_tests_gerrit_el/6101/ : SUCCESS
http://jenkins.ovirt.org/job/vdsm_unit_tests_gerrit/6994/ : SUCCESS
http://jenkins.ovirt.org/job/vdsm_pep8_gerrit/6888/ : SUCCESS
Douglas Schilling Landgraf has posted comments on this change.

Change subject: host-deploy: getChainFromSSL: acquire chain from session and not negotiation

Patch Set 2:

(1 comment)

http://gerrit.ovirt.org/#/c/23773/2/vdsm_reg/deployUtil.py.in
File vdsm_reg/deployUtil.py.in:

Line 1659: # we would like to ignore any issue with certificates
Line 1660: sock.set_post_connection_check_callback(check_ignore)
Line 1661: sock.connect(host)
Line 1662: # if we do not shutdown some sites hungs on close
Line 1663: sock.shutdown(socket.SHUT_RDWR)
please note that I shared socket.SHUT_RDWR as example. The value is 2 for this constant not 3 as the previous code (That's why I asked why 3). The shut_rdwr closes the socket in both directions of socket although.

Line 1664: return [c.as_pem() for c in sock.get_peer_cert_chain()]
Line 1665:
Line 1666:
Line 1667: def getRhevmCert(IP, port):
Alon Bar-Lev has posted comments on this change.

Change subject: host-deploy: getChainFromSSL: acquire chain from session and not negotiation

Patch Set 2:

(1 comment)

http://gerrit.ovirt.org/#/c/23773/2/vdsm_reg/deployUtil.py.in
File vdsm_reg/deployUtil.py.in:

Line 1659: # we would like to ignore any issue with certificates
Line 1660: sock.set_post_connection_check_callback(check_ignore)
Line 1661: sock.connect(host)
Line 1662: # if we do not shutdown some sites hungs on close
Line 1663: sock.shutdown(socket.SHUT_RDWR)
please note that I shared socket.SHUT_RDWR as example. The value is 2 for t

I checked this value as well and it is working.

Line 1664: return [c.as_pem() for c in sock.get_peer_cert_chain()]
Line 1665:
Line 1666:
Line 1667: def getRhevmCert(IP, port):
Douglas Schilling Landgraf has posted comments on this change.

Change subject: host-deploy: getChainFromSSL: acquire chain from session and not negotiation

Patch Set 2: Code-Review+1

(1 comment)

http://gerrit.ovirt.org/#/c/23773/2/vdsm_reg/deployUtil.py.in
File vdsm_reg/deployUtil.py.in:

Line 1659: # we would like to ignore any issue with certificates
Line 1660: sock.set_post_connection_check_callback(check_ignore)
Line 1661: sock.connect(host)
Line 1662: # if we do not shutdown some sites hungs on close
Line 1663: sock.shutdown(socket.SHUT_RDWR)
I checked this value as well and it is working.

great, thanks!

Line 1664: return [c.as_pem() for c in sock.get_peer_cert_chain()]
Line 1665:
Line 1666:
Line 1667: def getRhevmCert(IP, port):
Alon Bar-Lev has posted comments on this change.

Change subject: host-deploy: getChainFromSSL: acquire chain from session and not negotiation

Patch Set 2: Verified+1

Verified as standalone
Alon Bar-Lev has posted comments on this change.

Change subject: host-deploy: getChainFromSSL: acquire chain from session and not negotiation

Patch Set 1:

Reported at: https://bugzilla.redhat.com/show_bug.cgi?id=1058016
Alon Bar-Lev has uploaded a new change for review. Change subject: host-deploy: getChainFromSSL: acquire chain from session and not negotiation .. host-deploy: getChainFromSSL: acquire chain from session and not negotiation although the negotiation seems to be the right place to acquire the chain, in some cases it was missing the root certificate authority, while the chain out of the session is a complete one. Change-Id: I397f1341984f78e8fc0a07e9256eeac362b0fcaf Signed-off-by: Alon Bar-Lev alo...@redhat.com --- M vdsm_reg/deployUtil.py.in 1 file changed, 9 insertions(+), 28 deletions(-) git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/73/23773/1 diff --git a/vdsm_reg/deployUtil.py.in b/vdsm_reg/deployUtil.py.in index ba45d64..20d5c0c 100644 --- a/vdsm_reg/deployUtil.py.in +++ b/vdsm_reg/deployUtil.py.in @@ -19,6 +19,7 @@ # # Description: Deployment utilities. +import contextlib import subprocess import logging import traceback 
@@ -1649,38 +1650,18 @@ # which depends on M2Crypto from M2Crypto import SSL -# openssl verify callback does not -# accept context, so we collect the chain -# in semi-global dictionary -# -# a certificate may be revisit more than one time. -# -# format: -# depth: certificate -chain = {} - -def verify(ok, store): -chain[store.get_error_depth()] = store.get_current_cert().as_pem() -return True - def check_ignore(*args, **kw): return True ctx = SSL.Context() -ctx.set_verify( -SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, -depth=10, -callback=verify -) -sock = SSL.Connection(ctx) -# we would like to ignore any issue with certificates -sock.set_post_connection_check_callback(check_ignore) -sock.connect(host) -sock.close() - -# return sorted by depth -# first is end certificate -return [chain[depth] for depth in sorted(chain.keys())] +ctx.set_verify(SSL.verify_none, 10) +with contextlib.closing(SSL.Connection(ctx)) as sock: +# we would like to ignore any issue with certificates +sock.set_post_connection_check_callback(check_ignore) +sock.connect(host) +# if we do not shutdown some sites hungs on close +sock.shutdown(3) +return [c.as_pem() for c in sock.get_peer_cert_chain()] def getRhevmCert(IP, port): -- To view, visit http://gerrit.ovirt.org/23773 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I397f1341984f78e8fc0a07e9256eeac362b0fcaf Gerrit-PatchSet: 1 Gerrit-Project: vdsm Gerrit-Branch: master Gerrit-Owner: Alon Bar-Lev alo...@redhat.com ___ vdsm-patches mailing list vdsm-patches@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches
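Review bot: In the second hunk, the new `return [c.as_pem() for c in sock.get_peer_cert_chain()]` iterates the call's result without checking it, so if the peer supplied no chain and the call returns None, the caller gets a TypeError rather than a clear deployment error; bind the result to a name first and fail explicitly when it is empty. Two smaller points in the same hunk: `ctx.set_verify(SSL.verify_none, 10)` combined with `check_ignore` means the returned PEM list is whatever the peer presented, with no validation, and the removed comment block is not replaced by anything saying so, so the function should get a comment or docstring stating that callers must establish trust in the chain by other means before using it. And `sock.shutdown(3)` should use a named constant, or at least a comment saying what 3 means for an SSL.Connection, since the line above it only explains why the shutdown is needed.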
Alon Bar-Lev has posted comments on this change.

Change subject: host-deploy: getChainFromSSL: acquire chain from session and not negotiation

Patch Set 1: Code-Review+1

verified as standalone
oVirt Jenkins CI Server has posted comments on this change.

Change subject: host-deploy: getChainFromSSL: acquire chain from session and not negotiation

Patch Set 1: Build Successful

http://jenkins.ovirt.org/job/vdsm_unit_tests_gerrit_el/6091/ : SUCCESS
http://jenkins.ovirt.org/job/vdsm_pep8_gerrit/6878/ : SUCCESS
http://jenkins.ovirt.org/job/vdsm_unit_tests_gerrit/6984/ : SUCCESS