Michael Pasternak has posted comments on this change. Change subject: sdk: Add constructor parameter validate_cert_chain=True #915225 ......................................................................
Patch Set 1: (1 inline comment) > If I understand correctly the validate_cert_chain=False turns off certificate > chain validation, so OK. > However, usually crypto libs are searching for default certificate > authorities if None/NULL is passed... while we are to ignore. it's how it's works right now, and after this patch we will ignore cert even if it's provided when validate_cert_chain=False > > I have expected something like: > c.SSLConnect() > if validate_cert_chain: > c.VerifyPeer() connect and then validate the cert.? .................................................... File src/ovirtsdk/web/connection.py Line 108: Line 109: u = self.__parse_url(url) Line 110: Line 111: if(u.scheme == 'https'): Line 112: if (not insecure and not ca_file) and validate_cert_chain: okay, your 'if' is a bit more clear. Line 113: raise NoCertificatesError Line 114: elif not validate_cert_chain: Line 115: ca_file = None Line 116: -- To view, visit http://gerrit.ovirt.org/12474 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I61707c4b0380665bc42b34387efdc622cfc4201e Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine-sdk Gerrit-Branch: master Gerrit-Owner: Michael Pasternak <[email protected]> Gerrit-Reviewer: Alon Bar-Lev <[email protected]> Gerrit-Reviewer: Michael Pasternak <[email protected]> Gerrit-Reviewer: Ravi Nori <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
