Alon Bar-Lev has posted comments on this change. Change subject: vdsm-reg: use web server CA extracted from SSL handshake ......................................................................
Patch Set 3: Juan... it is not entirely correct. The method of downloading the initial trust is not important as long as you verify the trust (fingerprint). From this point on, you validate each session using this trust. For the "fallback" I refer the "fallback" of downloading the *OTHER* resources using HTTP. Currently it is the ssh keys and performing registration. This should be removed in favor of using only SSL. If we want to keep HTTP for the *OTHER* resources, we should pass explicit parameter to vdsm-reg, falling back automatically is something that should be banned. -- To view, visit http://gerrit.ovirt.org/8386 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: Iab8727a167de19ac66712309868654ae00c9bf4d Gerrit-PatchSet: 3 Gerrit-Project: vdsm Gerrit-Branch: master Gerrit-Owner: Alon Bar-Lev <[email protected]> Gerrit-Reviewer: Alon Bar-Lev <[email protected]> Gerrit-Reviewer: Dan Kenigsberg <[email protected]> Gerrit-Reviewer: Doron Fediuck <[email protected]> Gerrit-Reviewer: Juan Hernandez <[email protected]> _______________________________________________ vdsm-patches mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches
