2:37 a.m.
Hello Saggi Mizrahi, Dan Kenigsberg,
I'd like you to do a code review. Please visit
https://gerrit.ovirt.org/43183
to review the following change.
Change subject: ssl: ssl protocol configurable
......................................................................
ssl: ssl protocol configurable
We make ssl protocol configurable in config.py.
Change-Id: Idb4889cb30f23c5e3e9221893cf07a02d051d8b5
Signed-off-by: pkliczewski <piotr.kliczewski(a)gmail.com>
Bug-Url: https://bugzilla.redhat.com/1154184
Reviewed-on: http://gerrit.ovirt.org/34345
Reviewed-by: Dan Kenigsberg <danken(a)redhat.com>
Reviewed-by: Saggi Mizrahi <smizrahi(a)redhat.com>
---
M lib/vdsm/config.py.in
M lib/vdsm/sslutils.py
M vdsm/clientIF.py
3 files changed, 7 insertions(+), 2 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/83/43183/1
diff --git a/lib/vdsm/config.py.in b/lib/vdsm/config.py.in
index 944aaa8..c9e5719 100644
--- a/lib/vdsm/config.py.in
+++ b/lib/vdsm/config.py.in
@@ -228,6 +228,9 @@
('transient_disks_repository', '@VDSMLIBDIR@/transient',
'Local path to the transient disks repository.'),
+
+ ('ssl_protocol', 'sslv23',
+ 'SSL protocol used by encrypted connection'),
]),
# Section: [ksm]
diff --git a/lib/vdsm/sslutils.py b/lib/vdsm/sslutils.py
index 8cbaad0..0ba92d0 100644
--- a/lib/vdsm/sslutils.py
+++ b/lib/vdsm/sslutils.py
@@ -132,7 +132,7 @@
class SSLContext(object):
def __init__(self, cert_file, key_file, ca_cert=None, session_id="SSL",
- protocol="sslv23"):
+ protocol="tlsv1"):
self.cert_file = cert_file
self.key_file = key_file
self.ca_cert = ca_cert
diff --git a/vdsm/clientIF.py b/vdsm/clientIF.py
index 3678f9d..f300ee0 100644
--- a/vdsm/clientIF.py
+++ b/vdsm/clientIF.py
@@ -170,7 +170,9 @@
key_file = os.path.join(truststore_path, 'keys',
'vdsmkey.pem')
cert_file = os.path.join(truststore_path, 'certs',
'vdsmcert.pem')
ca_cert = os.path.join(truststore_path, 'certs',
'cacert.pem')
- sslctx = SSLContext(cert_file, key_file, ca_cert)
+ protocol = config.get('vars', 'ssl_protocol')
+ sslctx = SSLContext(cert_file, key_file, ca_cert=ca_cert,
+ protocol=protocol)
return sslctx
def _prepareXMLRPCBinding(self, port):
--
To view, visit https://gerrit.ovirt.org/43183
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Idb4889cb30f23c5e3e9221893cf07a02d051d8b5
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-3.5
Gerrit-Owner: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: Saggi Mizrahi <smizrahi(a)redhat.com>
2:37 a.m.
automation(a)ovirt.org has posted comments on this change.
Change subject: ssl: ssl protocol configurable
......................................................................
Patch Set 1:
* Update tracker::#1154184::OK
* Check Bug-Url::OK
* Check Public Bug::#1154184::OK, public bug
* Check Product::#1154184::OK, Correct product Red Hat Enterprise Virtualization Manager
* Check TR::#1154184::OK, correct target release 3.4.5
* Check merged to previous::OK, change not open on any previous branch
--
To view, visit https://gerrit.ovirt.org/43183
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Idb4889cb30f23c5e3e9221893cf07a02d051d8b5
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-3.5
Gerrit-Owner: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Saggi Mizrahi <smizrahi(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
Gerrit-HasComments: No
2:37 a.m.
Piotr Kliczewski has posted comments on this change.
Change subject: ssl: ssl protocol configurable
......................................................................
Patch Set 1: Verified+1
Backported from master so copying verification flag.
--
To view, visit https://gerrit.ovirt.org/43183
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Idb4889cb30f23c5e3e9221893cf07a02d051d8b5
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-3.5
Gerrit-Owner: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Saggi Mizrahi <smizrahi(a)redhat.com>
Gerrit-Reviewer: Yaniv Bronhaim <ybronhei(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
Gerrit-HasComments: No
3:29 a.m.
automation(a)ovirt.org has posted comments on this change.
Change subject: ssl: ssl protocol configurable
......................................................................
Patch Set 2: Verified-1
* Update tracker::IGNORE, no Bug-Url found
* Check Bug-Url::ERROR, At least one bug-url is required for the stable branch
* Check merged to previous::OK, change not open on any previous branch
--
To view, visit https://gerrit.ovirt.org/43183
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Idb4889cb30f23c5e3e9221893cf07a02d051d8b5
Gerrit-PatchSet: 2
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-3.5
Gerrit-Owner: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Saggi Mizrahi <smizrahi(a)redhat.com>
Gerrit-Reviewer: Yaniv Bronhaim <ybronhei(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
Gerrit-HasComments: No
5:52 a.m.
Yaniv Bronhaim has posted comments on this change.
Change subject: ssl: ssl protocol configurable
......................................................................
Patch Set 3: Code-Review+1
--
To view, visit https://gerrit.ovirt.org/43183
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Idb4889cb30f23c5e3e9221893cf07a02d051d8b5
Gerrit-PatchSet: 3
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-3.5
Gerrit-Owner: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Saggi Mizrahi <smizrahi(a)redhat.com>
Gerrit-Reviewer: Yaniv Bronhaim <ybronhei(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
Gerrit-HasComments: No
5:52 a.m.
automation(a)ovirt.org has posted comments on this change.
Change subject: ssl: ssl protocol configurable
......................................................................
Patch Set 3: -Verified
* Update tracker::#1217896::OK
* Check Bug-Url::OK
* Check Public Bug::#1217896::OK, public bug
* Check Product::#1217896::OK, Correct product Red Hat Enterprise Virtualization Manager
* Check TR::#1217896::OK, correct target release 3.5.5
* Check merged to previous::OK, change not open on any previous branch
--
To view, visit https://gerrit.ovirt.org/43183
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Idb4889cb30f23c5e3e9221893cf07a02d051d8b5
Gerrit-PatchSet: 3
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-3.5
Gerrit-Owner: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Saggi Mizrahi <smizrahi(a)redhat.com>
Gerrit-Reviewer: Yaniv Bronhaim <ybronhei(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
Gerrit-HasComments: No
3:14 p.m.
Piotr Kliczewski has posted comments on this change.
Change subject: ssl: ssl protocol configurable
......................................................................
Patch Set 3:
BUild failed due to jenkins issue. Not related to this change.
--
To view, visit https://gerrit.ovirt.org/43183
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Idb4889cb30f23c5e3e9221893cf07a02d051d8b5
Gerrit-PatchSet: 3
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-3.5
Gerrit-Owner: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Saggi Mizrahi <smizrahi(a)redhat.com>
Gerrit-Reviewer: Yaniv Bronhaim <ybronhei(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
Gerrit-HasComments: No
12:28 a.m.
Oved Ourfali has posted comments on this change.
Change subject: ssl: ssl protocol configurable
......................................................................
Patch Set 3:
can we merge this one?
--
To view, visit https://gerrit.ovirt.org/43183
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Idb4889cb30f23c5e3e9221893cf07a02d051d8b5
Gerrit-PatchSet: 3
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-3.5
Gerrit-Owner: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Oved Ourfali <oourfali(a)redhat.com>
Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Saggi Mizrahi <smizrahi(a)redhat.com>
Gerrit-Reviewer: Yaniv Bronhaim <ybronhei(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
Gerrit-HasComments: No
4:14 a.m.
Francesco Romani has posted comments on this change.
Change subject: ssl: ssl protocol configurable
......................................................................
Patch Set 3: Code-Review+2
--
To view, visit https://gerrit.ovirt.org/43183
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Idb4889cb30f23c5e3e9221893cf07a02d051d8b5
Gerrit-PatchSet: 3
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-3.5
Gerrit-Owner: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: Francesco Romani <fromani(a)redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Oved Ourfali <oourfali(a)redhat.com>
Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Saggi Mizrahi <smizrahi(a)redhat.com>
Gerrit-Reviewer: Yaniv Bronhaim <ybronhei(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
Gerrit-HasComments: No
4:29 a.m.
Francesco Romani has submitted this change and it was merged.
Change subject: ssl: ssl protocol configurable
......................................................................
ssl: ssl protocol configurable
We make ssl protocol configurable in config.py.
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1217896
Change-Id: Idb4889cb30f23c5e3e9221893cf07a02d051d8b5
Signed-off-by: pkliczewski <piotr.kliczewski(a)gmail.com>
Reviewed-on: https://gerrit.ovirt.org/43183
Reviewed-by: Yaniv Bronhaim <ybronhei(a)redhat.com>
Continuous-Integration: Jenkins CI
Reviewed-by: Francesco Romani <fromani(a)redhat.com>
---
M lib/vdsm/config.py.in
M lib/vdsm/sslutils.py
M vdsm/clientIF.py
3 files changed, 7 insertions(+), 2 deletions(-)
Approvals:
Piotr Kliczewski: Verified
Yaniv Bronhaim: Looks good to me, but someone else must approve
Jenkins CI: Passed CI tests
Francesco Romani: Looks good to me, approved
--
To view, visit https://gerrit.ovirt.org/43183
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Idb4889cb30f23c5e3e9221893cf07a02d051d8b5
Gerrit-PatchSet: 4
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-3.5
Gerrit-Owner: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: Francesco Romani <fromani(a)redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Oved Ourfali <oourfali(a)redhat.com>
Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Saggi Mizrahi <smizrahi(a)redhat.com>
Gerrit-Reviewer: Yaniv Bronhaim <ybronhei(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
4:29 a.m.
automation(a)ovirt.org has posted comments on this change.
Change subject: ssl: ssl protocol configurable
......................................................................
Patch Set 4:
* Update tracker::#1217896::OK
* Set MODIFIED::bug 1217896::::#1217896::::IGNORE, not oVirt prod but Red Hat Enterprise
Virtualization Manager
--
To view, visit https://gerrit.ovirt.org/43183
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Idb4889cb30f23c5e3e9221893cf07a02d051d8b5
Gerrit-PatchSet: 4
Gerrit-Project: vdsm
Gerrit-Branch: ovirt-3.5
Gerrit-Owner: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: Francesco Romani <fromani(a)redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Oved Ourfali <oourfali(a)redhat.com>
Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Saggi Mizrahi <smizrahi(a)redhat.com>
Gerrit-Reviewer: Yaniv Bronhaim <ybronhei(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
Gerrit-HasComments: No
3176
days inactive
3239
days old
vdsm-patches@lists.fedorahosted.org
10 comments
5 participants
participants (5)
-
automation@ovirt.org -
fromani@redhat.com -
Oved Ourfali -
Piotr Kliczewski -
ybronhei@redhat.com