Edward Haas has uploaded a new change for review. Change subject: fix 186c8574: When using SSL, use the original host ......................................................................
fix 186c8574: When using SSL, use the original host When a connection to a remote is perform and encryption (SSL) is enabled, the original target host should be used for the connection and not a resolved one. This bug has been detected when trying to connect to a remote IPv4 host, with a hostname as the target host and SSL enabled. The host got resolved before calling connect, and therefore the certificate has not been matched correctly (expected a hostname but used a resilved IPv4 address). Change-Id: Ibd54bcddd5ab676d94f7a5965a061d1a3cb1f40a Signed-off-by: Edward Haas <edwa...@redhat.com> --- M lib/vdsm/utils.py 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/20/55620/1 diff --git a/lib/vdsm/utils.py b/lib/vdsm/utils.py index 13a8bc1..2370fcd 100644 --- a/lib/vdsm/utils.py +++ b/lib/vdsm/utils.py @@ -857,7 +857,7 @@ sock = sslctx.wrapSocket(sock) sock.settimeout(timeout) - sock.connect(sockaddr) + sock.connect((host, port)) return sock -- To view, visit https://gerrit.ovirt.org/55620 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ibd54bcddd5ab676d94f7a5965a061d1a3cb1f40a Gerrit-PatchSet: 1 Gerrit-Project: vdsm Gerrit-Branch: master Gerrit-Owner: Edward Haas <edwa...@redhat.com> _______________________________________________ vdsm-patches mailing list vdsm-patches@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches