Edward Haas has uploaded a new change for review.
Change subject: fix 186c8574: When using SSL, use the original host
......................................................................
fix 186c8574: When using SSL, use the original host
When a connection to a remote is perform and encryption (SSL) is
enabled, the original target host should be used for the connection and
not a resolved one.
This bug has been detected when trying to connect to a remote IPv4 host,
with a hostname as the target host and SSL enabled.
The host got resolved before calling connect, and therefore the
certificate has not been matched correctly (expected a hostname but used
a resilved IPv4 address).
Change-Id: Ibd54bcddd5ab676d94f7a5965a061d1a3cb1f40a
Signed-off-by: Edward Haas <edwa...@redhat.com>
---
M lib/vdsm/utils.py
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/20/55620/1
diff --git a/lib/vdsm/utils.py b/lib/vdsm/utils.py
index 13a8bc1..2370fcd 100644
--- a/lib/vdsm/utils.py
+++ b/lib/vdsm/utils.py
@@ -857,7 +857,7 @@
sock = sslctx.wrapSocket(sock)
sock.settimeout(timeout)
- sock.connect(sockaddr)
+ sock.connect((host, port))
return sock
--
To view, visit https://gerrit.ovirt.org/55620
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ibd54bcddd5ab676d94f7a5965a061d1a3cb1f40a
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Edward Haas <edwa...@redhat.com>
_______________________________________________
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches
