Alon Bar-Lev has posted comments on this change.
Change subject: vdsm-reg: use web server CA extracted from SSL handshake
......................................................................
Patch Set 4: Verified
OK. Verified.
Hate to verify stuff on node...
Changes since last patch:
1. Convert port from string to int.
2. Catch exceptions and return an empty set in getSSLChain, fewer errors in
display.
Verified that it works for both HTTP and HTTPS; in the future, if someone
decides to drop HTTP, I will be first in line.
However, using HTTP prints some errors to the console of the ovirt-node setup.
When using HTTP:
Failed downloading oVirt Engine certificate
[OK]
It has some logging errors in the background, which result from
logging.error() output.
Then, pressing OK
Applying configuration
Then:
oVirt Engine Configuration Successfully Updated
I would have opened a CVE for this, as the authorized_keys are updated even if
the certificate fetch is failing... but this is not in the scope of this patch.
So it is safe to merge this patch; it does not enhance the broken security, but
lays down the foundations to use a 3rd-party CA.
--
To view, visit http://gerrit.ovirt.org/8386
Gerrit-MessageType: comment
Gerrit-Change-Id: Iab8727a167de19ac66712309868654ae00c9bf4d
Gerrit-PatchSet: 4
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev <[email protected]>
Gerrit-Reviewer: Alon Bar-Lev <[email protected]>
Gerrit-Reviewer: Dan Kenigsberg <[email protected]>
Gerrit-Reviewer: Doron Fediuck <[email protected]>
Gerrit-Reviewer: Juan Hernandez <[email protected]>