Matthew Booth
2010-Jun-07 12:32 UTC
[Libguestfs] [PATCH] ESX: Always validate SSL certificate
Since fetching storage from ESX was split into separate HEAD and GET requests, the SSL certificate has only been validated on the HEAD request. It should be validated on both. --- lib/Sys/VirtV2V/Transfer/ESX.pm | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/lib/Sys/VirtV2V/Transfer/ESX.pm b/lib/Sys/VirtV2V/Transfer/ESX.pm index f638149..5d6b586 100644 --- a/lib/Sys/VirtV2V/Transfer/ESX.pm +++ b/lib/Sys/VirtV2V/Transfer/ESX.pm @@ -143,6 +143,8 @@ sub get_volume my $died = $r->header('X-Died'); die($died) if (defined($died)); + $self->verify_certificate($r) unless ($self->{_v2v_noverify}); + # It reports success even if we didn't receive the whole file die(user_message(__x("Didn't receive full volume. Received {received} ". "of {total} bytes.", -- 1.7.0.1
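Review bot: in get_volume the new verify_certificate($r) call is placed after `die($died) if (defined($died));`, so whenever the X-Died header is set the function dies with that error and the certificate is never checked on that path. Suggest moving the verify_certificate line above the X-Died check, so that a certificate failure is reported first and nothing else in the response is acted on beforehand. The check also operates on the response object $r, which, going by the following comment about not receiving the whole file, means the GET has already completed. A short comment stating that a failure here must cause any volume data already received to be discarded would make the intent clear. The _v2v_noverify bypass is undocumented in the visible lines; a comment saying when it is legitimately set would help.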
Richard W.M. Jones
2010-Jun-07 12:40 UTC
[Libguestfs] [PATCH] ESX: Always validate SSL certificate
On Mon, Jun 07, 2010 at 01:32:35PM +0100, Matthew Booth wrote:
> Since fetching storage from ESX was split into separate HEAD and GET requests,
> the SSL certificate has only been validated on the HEAD request. It should be
> validated on both.

ACK.

Meta point: If you include the bug number in all commit messages, then
I have written a useful little script (attached) which pulls out a
plain text summary of all the bugs which have been fixed between two
releases. It's very useful when writing release notes.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming blog: http://rwmj.wordpress.com
Fedora now supports 80 OCaml packages (the OPEN alternative to F#)
http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora
-------------- next part --------------
#!/bin/bash -
# bugs-in-changelog
# Copyright (C) 2009-2010 Red Hat Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

# Used when preparing the RELEASE-NOTES file.  This script looks at
# the bugs noted in the git changelog since the last stable release
# (or any release).  To use it, the only parameter should be the git
# commit range, eg:
#
#   ./bugs-in-changelog "1.0.89.."

if [ -z "$1" ]; then
    echo "$0 git-commit-range"
    exit 1
fi

# Comma-separated list of Bugzilla IDs.
bugids=$(
    git log "$1" |
    egrep -o 'RHBZ#[0-9]+' |
    sed 's/RHBZ#//' |
    sort -u |
    tr '\n' ',' |
    sed 's/,$//'
)

#echo bugids "$bugids"

# Filter out any bugs which may still be in NEW or ASSIGNED:
bugzilla query -b "$bugids" \
    -t MODIFIED,POST,ON_QA,PASSES_QA,VERIFIED,RELEASE_PENDING,CLOSED \
    --outputformat=' - %{bug_id} %{short_desc}' |
    sort -n -r