Piotr Kliczewski has posted comments on this change. Change subject: vdscli: host verification fails on client side ......................................................................
Patch Set 1: (1 comment) I understand that this solution looks not great but this code is used when we attempt to run functional tests (no host address provided). When we run socket#connect and we provide addr. It is used during handshake to verify hostname from the certificate. In M2Crypto we call clientPostConnectionCheck to perform the check where we do not attempt to check both ip and hostname. In this code we use host param as provided when calling connect. Initially when I talked with Yeela I wanted to reimplement clientPostConnectionCheck in order to fix the issue but it seems to be dev/test specific and it should work for production systems once we start to use it. Please know it is client side failure. https://gerrit.ovirt.org/#/c/45449/1//COMMIT_MSG Commit Message: Line 8: Line 9: When we provide hostname or run functional tests and attempt to connect Line 10: to the server using jsonrpcvdscli we fail ssl handshake due to how Line 11: m2cytpro host verification is written. In order to establish a Line 12: connection we need to provide ip address instead. > back in http://gerrit.ovirt.org/28674 I was certain that the server no long It is not about the server. From vdsm perspective it works. In this specific situation it is the client who fails the handshake. I will add the stacktarce to the message with next patch set but for reference you can find it here: http://fpaste.org/258503/20445144/ Line 13: Line 14: Line 15: Change-Id: Iae0b8e71f4e3e03432db6c8f9dcf0a69c4612fc2 -- To view, visit https://gerrit.ovirt.org/45449 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: Iae0b8e71f4e3e03432db6c8f9dcf0a69c4612fc2 Gerrit-PatchSet: 1 Gerrit-Project: vdsm Gerrit-Branch: master Gerrit-Owner: Piotr Kliczewski <[email protected]> Gerrit-Reviewer: Dan Kenigsberg <[email protected]> Gerrit-Reviewer: Jenkins CI Gerrit-Reviewer: Piotr Kliczewski <[email protected]> Gerrit-Reviewer: Yaniv Bronhaim <[email protected]> Gerrit-Reviewer: Yeela Kaplan <[email protected]> Gerrit-Reviewer: [email protected] Gerrit-HasComments: Yes _______________________________________________ vdsm-patches mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches
