search for: ca_file

...> >On Thu, Mar 8, 2018 at 11:37 AM Richard W.M. Jones > > +# Connect to the server. > > +connection = sdk.Connection( > > +    url = params['output_conn'], > > +    username = username, > > +    password = output_password, > > +    ca_file = params['rhv_cafile'], > > +    log = logging.getLogger(), > > +    insecure = True,        # XXX? > > > > > >ovirt-imageio authentication is based on the assumption that the > >secret random url is passed from engine  to the user via https. > &...

Fixes the majority of the pycodestyle issues in the Python scripts, and fix the existing test-v2v-python-syntax.sh to use pycodestyle to actually perform style checks. Pino Toscano (6): PEP 8: adapt whitespaces in lines PEP 8: move imports at the top PEP 8: adapt empty lines tests: find all the Python scripts for syntax checks -o rhv-upload: remove unused Python imports Revamp check

One and all, I have scoured the internet high and low tonight and I can not for the life of me fix this damn problem. I have downloaded certificates, installed certificates, changed my :ca_path and such as stated in the documentation for omniauth-facebook for which I thought would be ok to do with this one. Can anyone point me in the right direction of how to disable SSL in development mode

...t no reactions) Do I understand correctly that ssl shoudl be configured independently for libvirt and each hypervisor? I asked because I configured libvirt connection as qemu+tls://bambus.kjonca/system?pkipath=... (and on bambus in /etc/libvirt/libvirtd.conf) I set key_file = ... cert_file = ... ca_file = ... But after connect and lauching (on bambus) vm I tried to snif traffic to bambus:5900 on client) and wireshark was able to detect "VNC" protocol (BTW not spice?), so I am confused. should I configure in /etc/libvirt/qemu.conf spice_tls option and certificates ? KJ

...geioClient > + > +import nbdkit > + > +# Using version 2 supporting the buffer protocol for better performance. > +API_VERSION = 2 > + > +# Plugin configuration, can be set using key=value in the command line. > +params = { > + "secure": True, > + "ca_file": "", > + "connections": 1, > + "transfer_url": None, > +} > + > + > +def config(key, value): > + """ > + Parse the url parameter which contains the transfer URL that we want to > + serve. > + "&q...

...extmanager + +from ovirt_imageio.client import ImageioClient + +import nbdkit + +# Using version 2 supporting the buffer protocol for better performance. +API_VERSION = 2 + +# Plugin configuration, can be set using key=value in the command line. +params = { + "secure": True, + "ca_file": "", + "connections": 1, + "transfer_url": None, +} + + +def config(key, value): + """ + Parse the url parameter which contains the transfer URL that we want to + serve. + """ + if key == "transfer_url"...

In dovecot-2.0.alpha3, setting "ssl_ca_file = /path/to/file" in conf.d/ssl.conf does not work, because imap-login chroots before opening the ca_file. Perhaps this parameter could be replaced with "ssl_ca = </path/to/file" as was done with ssl_cert and ssl_key. Tue Nov 17 11:19:38 server dovecot[1143]: imap-login: Fatal: E...

...39;'protocol.http.ssl_config.client_cert''] = ''/etc/certs/ssl.crt/server_cert.crt'' soap.options[''protocol.http.ssl_config.client_key'']=''/etc/certs/ssl.crt/server_key_nopass.pem'' soap.options[''protocol.http.ssl_config.ca_file'']=''/etc/certs/ssl.crt/ca.crt'' dn = soap.getDn(user) puts dn ======================================= ||Behind a Controller: (Doesn''t work) || ======================================= require ''soap/wsdlDriver'' require ''http-acces...

With libvirt 6.9.0, qemu 5.1.0, and following configurations: libvirt: key_file = "/etc/ssl/libvirt/server.lan.key" cert_file = "/etc/ssl/libvirt/server.lan.crt" ca_file = "/etc/ssl/libvirt/ca.crt" log_filters="3:remote 4:event 3:util.json 3:rpc 1:*" log_outputs="1:file:/var/log/libvirt/libvirtd.log" qemu: default_tls_x509_cert_dir = "/etc/ssl/qemu" default_tls_x509_verify = 1 migration with tls: virsh # migrate vm1 qemu+tl...

...509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); #endif - - SSL_CTX_set_client_CA_list(ctx->ssl_ctx, ca_names); } static struct ssl_iostream_settings * @@ -320,18 +295,17 @@ const char **error_r) { X509_STORE *store; - STACK_OF(X509_NAME) *xnames = NULL; const char *ca_file, *ca_dir; bool have_ca = FALSE; if (set->ca != NULL) { store = SSL_CTX_get_cert_store(ctx->ssl_ctx); - if (load_ca(store, set->ca, &xnames) < 0) { + if (load_ca(ctx->ssl_ctx, set->ca) < 0) { *error_r = t_strdup_printf("Couldn't parse ssl_ca: %s"...

...39;]) > +username = parsed.username or "admin@internal" > + > +# Connect to the server. > +connection = sdk.Connection( > +    url = params['output_conn'], > +    username = username, > +    password = output_password, > +    ca_file = params['rhv_cafile'], > +    log = logging.getLogger(), > +    insecure = True,        # XXX? > > > ovirt-imageio authentication is based on the assumption that the > secret random url is passed from engine  to the user via https. > if this access engine usi...

...o esx://esxhost/: libvirt error code: 38, message: unable to connect to 'esxhost': Connection refused I have also tried suggestion on webpage above regarding these libvirtd.conf settings and restarted libvirtd: tls_no_verify_certificate = 1 key_file = "" cert_file = "" ca_file = "" crl_file = "" ... But no change. The problem may well be the TLS certificates, PKI isn't one of my strong points. I believe the hostnames in the certificates are correct. Which certificates (if any) should be copied to the ESXi host (client or server)? Should I copy a...

Hi, could someone help me with ssl certificates? i have mycert.pfx file (client certificate) and CA certificate ca.cer. i far as i know, ruby doesn''t understand pfx format, so i''ve converted it to pem format. in viewer pem looks like: Bag attributes blabla Key Attributes blabla ---begin rsa private key--- blabla ---end rsa private key----- --begin certificate-------- blabla

...ck ??? virtsecretd-sock-ro ??? virtstoraged-admin-sock ??? virtstoraged-sock ??? virtstoraged-sock-ro ??? virtxend-admin-sock ??? virtxend-sock ??? virtxend-sock-ro On the server, TLS certs are in place openssl version OpenSSL 1.1.1g 21 Apr 2020 cat /etc/libvirt/libvirt.conf ca_file = "/sec/ssl/CA/CA.CHAIN.crt.pem" cert_file = "/sec/ssl/libvirt/client.EC.crt.pem" key_file = "/sec/ssl/libvirt/client.EC.key.pem" cat /etc/libvirt/virtproxyd.conf ca_file = "/sec/ssl/CA/CA.CHAIN.crt.pem" cert_file = "/sec/ssl/libvirt/server...

...lparse(params['output_conn']) > +username = parsed.username or "admin@internal" > + > +# Connect to the server. > +connection = sdk.Connection( > + url = params['output_conn'], > + username = username, > + password = output_password, > + ca_file = params['rhv_cafile'], > + log = logging.getLogger(), > + insecure = True, # XXX? > ovirt-imageio authentication is based on the assumption that the secret random url is passed from engine to the user via https. if this access engine using clear text then yes it is...

...f845c86dcb12c720b38fc60dcdaa5a10373081 > [snipped] > > > + # Connect to the server. > > + connection = sdk.Connection( > > + url = params['output_conn'], > > + username = username, > > + password = password, > > + ca_file = params['rhv_cafile'], > > > > Can this be None? We could allow that, but in the current code it must be present. > > + log = logging.getLogger(), > > + insecure = params['insecure'], > > > > If ca_file cannot be None, then inse...

...n python 2, but you can use six.moves to have code that works on both 2 and 3. [snipped] > + # Connect to the server. > + connection = sdk.Connection( > + url = params['output_conn'], > + username = username, > + password = password, > + ca_file = params['rhv_cafile'], > Can this be None? > + log = logging.getLogger(), > + insecure = params['insecure'], > If ca_file cannot be None, then insecure is not needed, based on Ondra review from earlier version. [snipped] > + # Create the disk....

...return parsed.username or "admin@internal" + +def open(readonly): connection = sdk.Connection( url = params['output_conn'], - username = username, - password = password, + username = parse_username(), + password = read_password(), ca_file = params['rhv_cafile'], log = logging.getLogger(), insecure = params['insecure'], -- 2.21.0

I am thinking of using tls connection between my client and server instead of current ssh. I found https://libvirt.org/kbase/tlscerts.html and I want to know if it is possible to customise some setting (e.g. use my own cert names, or locations) but I was not able to. Moreover https://github.com/libvirt/libvirt/blob/44520f6e01580d6bada88b47e5b77e6bee023ac6/src/rpc/virnettlscontext.c suggests that

...rvisor Here's the uncommented lines in my /etc/libvirt/libvirtd.conf ----------- listen_tls = 1 listen_tcp = 0 listen_addr = "...." (set to eth0) key_file = "/var/lib/puppet/ssl/private_keys/kvmhost.tld.pem" cert_file = "/var/lib/puppet/ssl/certs/kvmhost.tld.pem" ca_file = "/var/lib/puppet/ssl/certs/ca.pem" log_level = 1 log_filters="1:remote 1:event" log_outputs="1:syslog:libvirtd 1:file:/var/log/libvirt/libvirtd.log" There is no output in /var/log/libvirt/libvirtd.log while trying to connect remotely through virsh. The only logs t...