Nir Soffer
2018-Dec-07 00:44 UTC
[Libguestfs] [PATCH] v2v: -o rhv-upload: Fix upload when using https
Fix rhv-cafile option access, broken by commit 6694028f9827 (v2v: -o rhv-upload: Only set SSL context for https connections). --- .gnulib | 2 +- v2v/rhv-upload-plugin.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gnulib b/.gnulib index 6ccfbb4ce..646a44e1b 160000 --- a/.gnulib +++ b/.gnulib @@ -1 +1 @@ -Subproject commit 6ccfbb4ce5d4fa79f7afb48f3648f2e0401523c3 +Subproject commit 646a44e1b190c4a7f6a9f32c63230c619e38d251 diff --git a/v2v/rhv-upload-plugin.py b/v2v/rhv-upload-plugin.py index 1a217b6dc..3272c3ce3 100644 --- a/v2v/rhv-upload-plugin.py +++ b/v2v/rhv-upload-plugin.py @@ -193,41 +193,41 @@ def open(readonly): if transfer.phase != types.ImageTransferPhase.INITIALIZING: break if time.time() > endt: raise RuntimeError("timed out waiting for transfer status " "!= INITIALIZING") # Now we have permission to start the transfer. if params['rhv_direct']: if transfer.transfer_url is None: raise RuntimeError("direct upload to host not supported, " "requires ovirt-engine >= 4.2 and only works " "when virt-v2v is run within the oVirt/RHV " "environment, eg. on an oVirt node.") destination_url = urlparse(transfer.transfer_url) else: destination_url = urlparse(transfer.proxy_url) if destination_url.scheme == "https": context = \ ssl.create_default_context(purpose = ssl.Purpose.SERVER_AUTH, - cafile = cafile) + cafile = params['rhv_cafile']) if params['insecure']: context.check_hostname = False context.verify_mode = ssl.CERT_NONE http = HTTPSConnection( destination_url.hostname, destination_url.port, context = context ) elif destination_url.scheme == "http": http = HTTPConnection( destination_url.hostname, destination_url.port, ) else: raise RuntimeError("unknown URL scheme (%s)" % destination_url.scheme) # The first request is to fetch the features of the server. # Authentication was needed only for GET and PUT requests when # communicating with old imageio-proxy. -- 2.17.2
Richard W.M. Jones
2018-Dec-07 08:34 UTC
Re: [Libguestfs] [PATCH] v2v: -o rhv-upload: Fix upload when using https
On Fri, Dec 07, 2018 at 02:44:21AM +0200, Nir Soffer wrote:> Fix rhv-cafile option access, broken by commit 6694028f9827 (v2v: -o > rhv-upload: Only set SSL context for https connections).Ugh yes indeed. Strong typing FTW _again_ ... Will apply shortly, thanks. Rich.> .gnulib | 2 +- > v2v/rhv-upload-plugin.py | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/.gnulib b/.gnulib > index 6ccfbb4ce..646a44e1b 160000 > --- a/.gnulib > +++ b/.gnulib > @@ -1 +1 @@ > -Subproject commit 6ccfbb4ce5d4fa79f7afb48f3648f2e0401523c3 > +Subproject commit 646a44e1b190c4a7f6a9f32c63230c619e38d251 > diff --git a/v2v/rhv-upload-plugin.py b/v2v/rhv-upload-plugin.py > index 1a217b6dc..3272c3ce3 100644 > --- a/v2v/rhv-upload-plugin.py > +++ b/v2v/rhv-upload-plugin.py > @@ -193,41 +193,41 @@ def open(readonly): > if transfer.phase != types.ImageTransferPhase.INITIALIZING: > break > if time.time() > endt: > raise RuntimeError("timed out waiting for transfer status " > "!= INITIALIZING") > > # Now we have permission to start the transfer. > if params['rhv_direct']: > if transfer.transfer_url is None: > raise RuntimeError("direct upload to host not supported, " > "requires ovirt-engine >= 4.2 and only works " > "when virt-v2v is run within the oVirt/RHV " > "environment, eg. on an oVirt node.") > destination_url = urlparse(transfer.transfer_url) > else: > destination_url = urlparse(transfer.proxy_url) > > if destination_url.scheme == "https": > context = \ > ssl.create_default_context(purpose = ssl.Purpose.SERVER_AUTH, > - cafile = cafile) > + cafile = params['rhv_cafile']) > if params['insecure']: > context.check_hostname = False > context.verify_mode = ssl.CERT_NONE > http = HTTPSConnection( > destination_url.hostname, > destination_url.port, > context = context > ) > elif destination_url.scheme == "http": > http = HTTPConnection( > destination_url.hostname, > destination_url.port, > ) > else: > raise RuntimeError("unknown URL scheme (%s)" % destination_url.scheme) > > # The first request is to fetch the features of the server. > > # Authentication was needed only for GET and PUT requests when > # communicating with old imageio-proxy. > -- > 2.17.2-- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-top is 'top' for virtual machines. Tiny program with many powerful monitoring features, net stats, disk stats, logging, etc. http://people.redhat.com/~rjones/virt-top
Nir Soffer
2018-Dec-07 09:01 UTC
Re: [Libguestfs] [PATCH] v2v: -o rhv-upload: Fix upload when using https
On Fri, Dec 7, 2018, 10:34 Richard W.M. Jones <rjones@redhat.com wrote:> On Fri, Dec 07, 2018 at 02:44:21AM +0200, Nir Soffer wrote: > > Fix rhv-cafile option access, broken by commit 6694028f9827 (v2v: -o > > rhv-upload: Only set SSL context for https connections). > > Ugh yes indeed. Strong typing FTW _again_"pylint -E" may detect such issues. ...> > Will apply shortly, thanks. > > Rich. > > > .gnulib | 2 +- > > v2v/rhv-upload-plugin.py | 2 +- > > 2 files changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/.gnulib b/.gnulib > > index 6ccfbb4ce..646a44e1b 160000 > > --- a/.gnulib > > +++ b/.gnulib > > @@ -1 +1 @@ > > -Subproject commit 6ccfbb4ce5d4fa79f7afb48f3648f2e0401523c3 > > +Subproject commit 646a44e1b190c4a7f6a9f32c63230c619e38d251 > > diff --git a/v2v/rhv-upload-plugin.py b/v2v/rhv-upload-plugin.py > > index 1a217b6dc..3272c3ce3 100644 > > --- a/v2v/rhv-upload-plugin.py > > +++ b/v2v/rhv-upload-plugin.py > > @@ -193,41 +193,41 @@ def open(readonly): > > if transfer.phase != types.ImageTransferPhase.INITIALIZING: > > break > > if time.time() > endt: > > raise RuntimeError("timed out waiting for transfer status " > > "!= INITIALIZING") > > > > # Now we have permission to start the transfer. > > if params['rhv_direct']: > > if transfer.transfer_url is None: > > raise RuntimeError("direct upload to host not supported, " > > "requires ovirt-engine >= 4.2 and only > works " > > "when virt-v2v is run within the > oVirt/RHV " > > "environment, eg. on an oVirt node.") > > destination_url = urlparse(transfer.transfer_url) > > else: > > destination_url = urlparse(transfer.proxy_url) > > > > if destination_url.scheme == "https": > > context = \ > > ssl.create_default_context(purpose > ssl.Purpose.SERVER_AUTH, > > - cafile = cafile) > > + cafile = params['rhv_cafile']) > > if params['insecure']: > > context.check_hostname = False > > context.verify_mode = ssl.CERT_NONE > > http = HTTPSConnection( > > destination_url.hostname, > > destination_url.port, > > context = context > > ) > > elif destination_url.scheme == "http": > > http = HTTPConnection( > > destination_url.hostname, > > destination_url.port, > > ) > > else: > > raise RuntimeError("unknown URL scheme (%s)" % > destination_url.scheme) > > > > # The first request is to fetch the features of the server. > > > > # Authentication was needed only for GET and PUT requests when > > # communicating with old imageio-proxy. > > -- > > 2.17.2 > > -- > Richard Jones, Virtualization Group, Red Hat > http://people.redhat.com/~rjones > Read my programming and virtualization blog: http://rwmj.wordpress.com > virt-top is 'top' for virtual machines. Tiny program with many > powerful monitoring features, net stats, disk stats, logging, etc. > http://people.redhat.com/~rjones/virt-top >